Intelligent controller and sensor network bus, system and method including a message retransmission mechanism

ABSTRACT

A machine automation system for controlling and operating an automated machine. The system includes a controller and sensor bus including a central processing core and a multi-medium transmission intranet for implementing a dynamic burst to broadcast transmission scheme where messages are burst from nodes to the central processing core and broadcast from the central processing core to all of the nodes.

RELATED APPLICATIONS

This application is a continuation-in-part of the co-pending U.S. patentapplication Ser. No. 16/741,332, filed Jan. 13, 2020, entitled“INTELLIGENT CONTROLLER AND SENSOR NETWORK BUS, SYSTEM AND METHODINCLUDING MULTI-LAYER PLATFORM SECURITY ARCHITECTURE,” which is acontinuation-in-part of the co-pending U.S. patent application Ser. No.16/653,558, filed Oct. 15, 2019, entitled “INTELLIGENT CONTROLLER ANDSENSOR NETWORK BUS, SYSTEM AND METHOD INCLUDING SMART COMPLIANT ACTUATORMODULE,” which is a continuation-in-part of the co-pending U.S. patentapplication Ser. No. 16/572,358, filed Sep. 16, 2019, entitled“INTELLIGENT CONTROLLER AND SENSOR NETWORK BUS, SYSTEM AND METHODINCLUDING GENERIC ENCAPSULATION MODE,” which is a continuation-in-partof U.S. patent application Ser. No. 16/529,682, filed Aug. 1, 2019,entitled “INTELLIGENT CONTROLLER AND SENSOR NETWORK BUS, SYSTEM ANDMETHOD,” all of which are hereby incorporated by reference.

FIELD OF THE INVENTION

The present invention relates to the field of buses. More particularly,the present invention relates to a controller and sensor network busarchitecture.

BACKGROUND OF THE INVENTION

The field of machine automation is expanding rapidly with thedevelopment of self-driving cars, intelligent robots and factoryautomation. However, due to their varied and high-speed needs, there isno bus or network architecture that is able to efficient handle all ofthe demands of these emerging technologies. Instead, the currentnetworks latency is high, bandwidth is low, cabling is complex, withlarge electromagnetic interference (EMI), high cost, unsecured data andcomplex system integration. For example, networks do not have enoughspeed and throughput to carry sensor data like camera and lightdetection and ranging (LIDAR) data across the network to CPU Cores.Further, existing cable systems are complex, short-reach, and cannotdeal with EMI without expensive shielding due to the use of coppercabling systems. There is no all-in-one “Controller and Sensor Network”system Bus solution that can support and carry internet L2/L3 Ethernetpackets, Motor & Motion control messages, sensor data and CPU-CMD acrossa system from edge node to edge nodes.

SUMMARY OF THE INVENTION

A machine automation system for controlling and operating an automatedmachine. The system includes a controller and sensor bus including acentral processing core and a multi-medium transmission intranet forimplementing a dynamic burst to broadcast transmission scheme wheremessages are burst from nodes to the central processing core andbroadcast from the central processing core to all of the nodes.

A first aspect is directed to a machine automation system forcontrolling and operating an automated machine. The system comprises acontroller and sensor bus including at least one central processing coreincluding one or more root ports each having a root acknowledgmentengine, one or more transmission networks each including a plurality ofleaf nodes and directly coupled to the core via a different one of theroot ports, the leaf nodes each including a leaf acknowledgment engineand a leaf node memory and a plurality of input/output ports eachcoupled with one of the leaf nodes and a plurality of external machineautomation devices each coupled to one of the leaf nodes via one or moreof the ports coupled with the one of the leaf nodes, wherein one of theroot ports transmits a grant message indicating a transmission window toone of the leaf nodes coupled with the one of the root ports, the one ofthe leaf nodes transmits a data message including a plurality of packetshaving destination information and an acknowledgment request indicatorto one of the root ports within the transmission window and the leafacknowledgment engine of the one of the leaf nodes stores a leaf copy ofthe data message including the plurality of packets and if the one ofthe root ports receives the data message without any uncorrectableerrors, the root acknowledgment engine of the one of the root portstransmits a data-received message to the one of the leaf nodes whichremoves the leaf copy based on receiving the data-received message.

In some embodiments, if the one of the root ports does not receive thedata message within the transmission window, the root acknowledgmentengine of the one of the root ports transmits a data-missed message tothe one of the leaf nodes which re-sends the data message including allof the packets using the leaf copy. In some embodiments, if the one ofthe root ports receives the data message with uncorrectable errors in asubset of the packets, the root acknowledgment engine of the one of theroot ports transmits a data-partially-received message to the one of theleaf nodes, the data-partially-received message including packetmissing/received information that identifies the subset of the packetsthat need to be re-sent. In some embodiments, in response to receivingthe data-partially-received message, the one of the leaf nodes removesthe packets that are not a part of the subset from the leaf copy basedon the missing/received information. In some embodiments, themissing/received information comprises a bit map including a bit foreach of the packets of the data message whose value identifies whetherthe packet needs to be re-sent. In some embodiments, themissing/received information comprises a start of sequence value and anend of sequence value that identify a range of the packets that do notneed to be re-sent. In some embodiments, the one of the leaf nodesre-sends the subset to the one of the root ports in a new data messageafter timers associated with each of the subset expire in a subsequenttransmission window granted to the one of the leaf nodes. In someembodiments, the new data message includes one or more other packetsthat were not a part of the data message in addition to the subset.

In some embodiments, the one of the leaf nodes is a part of theplurality of nodes of a first network of the networks, and furtherwherein if the one of the root ports receives the data message withoutany uncorrectable errors and the destination information of the datamessage indicates that the data message needs to be broadcast by the oneof the root ports to all of the leaf nodes in the first network, theroot acknowledgment engine of the one of the root ports refrains fromtransmitting the data-received message to the one of the leaf nodes. Insome embodiments, in response to receiving the data message as broadcastfrom the one of the root ports within the first network, the one of theleaf nodes determines that the one of the leaf nodes is the source ofthe data message and removes from the leaf copy any of the packets foundin the data message such that they are not re-sent to the one of theroot ports. In some embodiments, when the destination informationindicates the data message is to be sent to one or more other of theleaf nodes, the one of the root ports transmits the data message to theother of the leaf nodes and the root acknowledgment engine stores a rootcopy of the data message including the plurality of packets and re-sendsone or more of the packets to the other of the leaf nodes in asubsequent data message if the one of the root ports does not receive anleaf data-received message from one or more of the other of the leafnodes indicating that the one or more of the packets were receivedwithout any uncorrectable errors. In some embodiments, the one of theroot ports selects a target node of the leaf nodes of the first networkand when the other of the leaf nodes are a plurality of the leaf nodesof the first network, only the target node is configured to respond withthe leaf data-received message. In some embodiments, the target node isselected based on which of the leaf nodes of the first network is thelast to receive messages broadcast from the one of the root portsthrough the first network.

A second aspect is directed to a controller and sensor bus. The buscomprises at least one central processing core including one or moreroot ports each having a root acknowledgment engine, one or moretransmission networks each including a plurality of leaf nodes anddirectly coupled to the core via a different one of the root ports, theleaf nodes each including a leaf acknowledgment engine and a leaf nodememory and a plurality of input/output ports each coupled with one ofthe leaf nodes, wherein one of the root ports transmits a grant messageindicating a transmission window to one of the leaf nodes coupled withthe one of the root ports, the one of the leaf nodes transmits a datamessage including a plurality of packets having destination informationand an acknowledgment request indicator to one of the root ports withinthe transmission window and the leaf acknowledgment engine of the one ofthe leaf nodes stores a leaf copy of the data message including theplurality of packets and if the one of the root ports receives the datamessage without any uncorrectable errors, the root acknowledgment engineof the one of the root ports transmits a data-received message to theone of the leaf nodes which removes the leaf copy based on receiving thedata-received message.

In some embodiments, if the one of the root ports does not receive thedata message within the transmission window, the root acknowledgmentengine of the one of the root ports transmits a data-missed message tothe one of the leaf nodes which re-sends the data message including allof the packets using the leaf copy. In some embodiments, if the one ofthe root ports receives the data message with uncorrectable errors in asubset of the packets, the root acknowledgment engine of the one of theroot ports transmits a data-partially-received message to the one of theleaf nodes, the data-partially-received message including packetmissing/received information that identifies the subset of the packetsthat need to be re-sent. In some embodiments, in response to receivingthe data-partially-received message, the one of the leaf nodes removesthe packets that are not a part of the subset from the leaf copy basedon the missing/received information. In some embodiments, themissing/received information comprises a bit map including a bit foreach of the packets of the data message whose value identifies whetherthe packet needs to be re-sent. In some embodiments, themissing/received information comprises a start of sequence value and anend of sequence value that identify a range of the packets that do notneed to be re-sent. In some embodiments, the one of the leaf nodesre-sends the subset to the one of the root ports in a new data messageafter timers associated with each of the subset expire in a subsequenttransmission window granted to the one of the leaf nodes. In someembodiments, the new data message includes one or more other packetsthat were not a part of the data message in addition to the subset.

In some embodiments, the one of the leaf nodes is a part of theplurality of nodes of a first network of the networks, and furtherwherein if the one of the root ports receives the data message withoutany uncorrectable errors and the destination information of the datamessage indicates that the data message needs to be broadcast by the oneof the root ports to all of the leaf nodes in the first network, theroot acknowledgment engine of the one of the root ports refrains fromtransmitting the data-received message to the one of the leaf nodes. Insome embodiments, in response to receiving the data message as broadcastfrom the one of the root ports within the first network, the one of theleaf nodes determines that the one of the leaf nodes is the source ofthe data message and removes from the leaf copy any of the packets foundin the data message such that they are not re-sent to the one of theroot ports. In some embodiments, when the destination informationindicates the data message is to be sent to one or more other of theleaf nodes, the one of the root ports transmits the data message to theother of the leaf nodes and the root acknowledgment engine stores a rootcopy of the data message including the plurality of packets and re-sendsone or more of the packets to the other of the leaf nodes in asubsequent data message if the one of the root ports does not receive anleaf data-received message from one or more of the other of the leafnodes indicating that the one or more of the packets were receivedwithout any uncorrectable errors. In some embodiments, the one of theroot ports selects a target node of the leaf nodes of the first networkand when the other of the leaf nodes are a plurality of the leaf nodesof the first network, only the target node is configured to respond withthe leaf data-received message. In some embodiments, the target node isselected based on which of the leaf nodes of the first network is thelast to receive messages broadcast from the one of the root portsthrough the first network.

A third aspect is directed to a central core of a controller and sensorbus including one or more transmission networks each including aplurality of leaf nodes and directly coupled to the core, the leaf nodeseach including a leaf acknowledgment engine and a leaf node memory. Thecentral core comprises at least one central processing unit and anon-transitory computer readable memory storing at least one root portcoupled with the central processing unit and having a rootacknowledgment engine, wherein the root port is configured to transmit agrant message indicating a transmission window to one of the leaf nodescoupled with the root port and if the root port receives a data messagefrom the one of the leaf nodes within the transmission window withoutany uncorrectable errors, transmit a data-received message to the one ofthe leaf nodes with the root acknowledgment engine, wherein the datamessage includes a plurality of packets having destination informationand an acknowledgment request indicator.

In some embodiments, if the root port does not receive the data messagewithin the transmission window, the root acknowledgment engine of theroot port is configured to transmit a data-missed message to the one ofthe leaf nodes. In some embodiments, if the root port receives the datamessage with uncorrectable errors in a subset of the packets, the rootacknowledgment engine of the root port is configured to transmit adata-partially-received message to the one of the leaf nodes, thedata-partially-received message including packet missing/receivedinformation that identifies the subset of the packets that need to bere-sent. In some embodiments, the missing/received information comprisesa bit map including a bit for each of the packets of the data messagewhose value identifies whether the packet needs to be re-sent. In someembodiments, the missing/received information comprises a start ofsequence value and an end of sequence value that identify a range of thepackets that do not need to be re-sent. In some embodiments, the one ofthe leaf nodes is a part of the plurality of nodes of a first network ofthe networks, and further wherein if the root port receives the datamessage without any uncorrectable errors and the destination informationof the data message indicates that the data message needs to bebroadcast to all of the leaf nodes in the first network, the rootacknowledgment engine of the root port is configured to refrain fromtransmitting the data-received message to the one of the leaf nodes.

In some embodiments, when the destination information indicates the datamessage is to be sent to one or more other of the leaf nodes, the rootport transmits the data message to the other of the leaf nodes and theroot acknowledgment engine stores a root copy of the data messageincluding the plurality of packets and re-sends one or more of thepackets to the other of the leaf nodes in a subsequent data message ifthe root port does not receive an leaf data-received message from one ormore of the other of the leaf nodes indicating that the one or more ofthe packets were received without any uncorrectable errors. In someembodiments, the root port selects a target node of the leaf nodes ofthe first network and when the other of the leaf nodes are a pluralityof the leaf nodes of the first network, only the target node isconfigured to respond with the leaf data-received message. In someembodiments, the target node is selected based on which of the leafnodes of the first network is the last to receive messages broadcastfrom the one of the root ports through the first network.

A fourth aspect is directed to a controller and sensor bus. The buscomprises one or more transmission networks each including a root portand a plurality of leaf nodes, the leaf nodes each including a leafacknowledgment engine and a leaf node memory and a plurality ofinput/output ports each coupled with one of the leaf nodes, wherein oneof the leaf nodes of a first network of the networks is configured toreceive a grant message from the root port of the first networkindicating a transmission window allotted to the one of the leaf nodes,transmit a data message including a plurality of packets havingdestination information and an acknowledgment request indicator to theroot port within the transmission window and store a leaf copy of thedata message including the plurality of packets and receive adata-received message from the root port, wherein the data-receivedmessage indicates if the root port received the data message without anyuncorrectable errors and remove at least a portion of the leaf copybased on the data-received message.

In some embodiments, if the leaf node receives a data-missed messagefrom the root port, the one of the leaf nodes is configured to re-sendthe data message including all of the packets using the leaf copy,wherein the data-missed message indicates the root port did not receivethe data message within the transmission window. In some embodiments,the one of the leaf nodes is configured to receive adata-partially-received message from the root port, thedata-partially-received message indicating that the root port receivedthe data message with uncorrectable errors in a subset of the packetsand including packet missing/received information that identifies thesubset of the packets that need to be re-sent. In some embodiments, inresponse to receiving the data-partially-received message, the one ofthe leaf nodes is configured to remove the packets that are not a partof the subset from the leaf copy based on the missing/receivedinformation. In some embodiments, the missing/received informationcomprises a bit map including a bit for each of the packets of the datamessage whose value identifies whether the packet needs to be re-sent.In some embodiments, the missing/received information comprises a startof sequence value and an end of sequence value that identify a range ofthe packets that do not need to be re-sent.

In some embodiments, the one of the leaf nodes is configured to re-sendthe subset to the one of the root ports in a new data message aftertimers associated with each of the subset expire in a subsequenttransmission window granted to the one of the leaf nodes. In someembodiments, the new data message includes one or more other packetsthat were not a part of the data message in addition to the subset. Insome embodiments, in response to receiving the data message as broadcastfrom the root port within the first network, the one of the leaf nodesis configured to determine that the one of the leaf nodes is the sourceof the data message and remove from the leaf copy any of the packetsfound in the data message such that they are not re-sent to the one ofthe root ports. In some embodiments, the one of the leaf nodes isconfigured to refrain from responding to other data messages broadcastby the root port to all the leaf nodes on the first network unless theone of the leaf nodes receives a target message from the root portindicating that the leaf node is a target node that must respond with aleaf data-received message on behalf of all of the nodes of the firstnetwork upon receiving the other data messages broadcast by the rootport.

A fifth aspect is directed to a method of operating a controller andsensor bus including at least one central processing core including oneor more root ports each having a root acknowledgment engine, one or moretransmission networks each including a plurality of leaf nodes anddirectly coupled to the core via a different one of the root ports, theleaf nodes each including a leaf acknowledgment engine and a leaf nodememory. The method comprises transmitting a grant message with one ofthe root ports, the grant message indicating a transmission window toone of the leaf nodes coupled with the one of the root ports,transmitting, with the one of the leaf nodes, a data message to one ofthe root ports within the transmission window, the data messageincluding a plurality of packets having destination information and anacknowledgment request indicator, storing a leaf copy of the datamessage including the plurality of packets with the leaf acknowledgmentengine of the one of the leaf nodes, if the one of the root portsreceives the data message without any uncorrectable errors, transmittinga data-received message to the one of the leaf nodes with the rootacknowledgment engine of the one of the root ports and removing the leafcopy with the one of the leaf nodes based on receiving the data-receivedmessage.

In some embodiments, the method further comprises transmitting adata-missed message to the one of the leaf nodes with the rootacknowledgment engine of the one of the root ports if the one of theroot ports does not receive the data message within the transmissionwindow and re-sending the data message with the one of the leaf nodesincluding all of the packets using the leaf copy. In some embodiments,the method further comprises if the one of the root ports receives thedata message with uncorrectable errors in a subset of the packets,transmitting a data-partially-received message to the one of the leafnodes with the root acknowledgment engine of the one of the root ports,the data-partially-received message including packet missing/receivedinformation that identifies the subset of the packets that need to bere-sent. In some embodiments, the method further comprises in responseto receiving the data-partially-received message, removing the packetsthat are not a part of the subset from the leaf copy based on themissing/received information with the one of the leaf nodes. In someembodiments, the missing/received information comprises a bit mapincluding a bit for each of the packets of the data message whose valueidentifies whether the packet needs to be re-sent.

In some embodiments, the missing/received information comprises a startof sequence value and an end of sequence value that identify a range ofthe packets that do not need to be re-sent. In some embodiments, themethod further comprises re-sending the subset to the one of the rootports in a new data message with the one of the leaf nodes after timersassociated with each of the subset expire in a subsequent transmissionwindow granted to the one of the leaf nodes. In some embodiments, thenew data message includes one or more other packets that were not a partof the data message in addition to the subset. In some embodiments, theone of the leaf nodes is a part of the plurality of nodes of a firstnetwork of the networks, and the method further comprises if the one ofthe root ports receives the data message without any uncorrectableerrors and the destination information of the data message indicatesthat the data message needs to be broadcast by the one of the root portsto all of the leaf nodes in the first network, refraining fromtransmitting the data-received message to the one of the leaf nodes withthe root acknowledgment engine of the one of the root ports. In someembodiments, the method further comprises, in response to receiving thedata message as broadcast from the one of the root ports within thefirst network, determining that the one of the leaf nodes is the sourceof the data message and removing from the leaf copy any of the packetsfound in the data message with the one of the leaf nodes such that theyare not re-sent to the one of the root ports.

In some embodiments, the method further comprises when the destinationinformation indicates the data message is to be sent to one or moreother of the leaf nodes, transmitting the data message to the other ofthe leaf nodes with the one of the root ports and storing a root copy ofthe data message including the plurality of packets and re-sending oneor more of the packets to the other of the leaf nodes in a subsequentdata message with the root acknowledgment engine if the one of the rootports does not receive an leaf data-received message from one or more ofthe other of the leaf nodes indicating that the one or more of thepackets were received without any uncorrectable errors. In someembodiments, the method further comprises selecting a target node of theleaf nodes of the first network with the one of the root ports, whereinwhen the other of the leaf nodes are a plurality of the leaf nodes ofthe first network, only the target node is configured to respond withthe leaf data-received message. In some embodiments, the target node isselected based on which of the leaf nodes of the first network is thelast to receive messages broadcast from the one of the root portsthrough the first network.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a machine automation system according to someembodiments.

FIG. 2 illustrates an intelligent controller and sensor intranet busaccording to some embodiments.

FIG. 3 illustrates a tree topology of an intelligent controller andsensor intranet bus according to some embodiments.

FIG. 4 illustrates a block diagram of an exemplary computing deviceconfigured to implement the system according to some embodiments.

FIG. 5 illustrates a method of operating a machine automation systemincluding an intelligent controller and sensor intranet bus according tosome embodiments.

FIG. 6A illustrates an exemplary GEM packet format according to someembodiments.

FIG. 6B illustrates a detailed view of a GEM packet header formataccording to some embodiments.

FIG. 6C illustrates a detailed view of a GEM header format for a nodereport message according to some embodiments.

FIG. 6D illustrates a detailed view of a first variant of a GEM headerformat for a root port bandwidth grant message according to someembodiments.

FIG. 6E illustrates a detailed view of a second variant of a GEM headerformat for a root port bandwidth grant message according to someembodiments.

FIG. 6F illustrates a detailed view of a GEM header format for a controlmessage according to some embodiments.

FIG. 7A illustrates a Broadcast-PHY-Frame according to some embodiments.

FIG. 7B illustrates a Burst-PHY-Frame according to some embodiments.

FIG. 7C illustrates a gate Burst-PHY-Frame according to someembodiments.

FIG. 8 illustrates a method of operating the intelligent controller andsensor intranet bus according to some embodiments.

FIG. 9 illustrates a smart compliant actuator (SCA) and sensor moduleaccording to some embodiments.

FIG. 10A illustrates a first variant of a control board of SCA andsensor module according to some embodiments.

FIG. 10B illustrates a second variant of a control board of SCA andsensor module according to some embodiments.

FIG. 10C illustrates a third variant of a control board of SCA andsensor module according to some embodiments.

FIGS. 11A and 11B illustrate a machine automation system includingcoupled SCA and sensor modules according to some embodiments.

FIG. 12 illustrates a method of operating a controller and sensor busaccording to some embodiments.

FIG. 13 illustrates a bus including a multi-layer security architectureaccording to some embodiments.

FIG. 14 illustrates a security module of a bus according to someembodiments.

FIG. 15 illustrates a bus comprising a plurality of subsystems dividedinto a plurality of cascade supervisor levels according to someembodiments.

FIG. 16 illustrates a method of implementing the two-way node/coreauthentication protocol according to some embodiments.

FIG. 17 illustrates a method of operating the intelligent controller andsensor intranet bus according to some embodiments.

FIG. 18 illustrates a message retransmission mechanism of the busaccording to some embodiments.

FIG. 19 illustrates an exemplary acknowledgment message according tosome embodiments.

FIG. 20 illustrates a method of implementing a guaranteed messagedelivery mechanism on a control and sensor bus according to someembodiments.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments described herein are directed to a machine automationsystem, method and device for controlling and operating an automatedmachine. The system, method and device including a controller and sensorbus including a central processing core and a multi-medium transmissionintranet for implementing a dynamic burst to broadcast transmissionscheme where messages are burst from nodes to the central processingcore and broadcast from the central processing core to all of the nodes.As a result, the system, method and device provides the advantage ofhigh speed performance despite combining lower speed network medium aswell as one unified software image for the full intranet systemincluding all gate, node and root ports enabling simplified softwarearchitecture, shorter product development cycle, and easier system leveldebug, monitoring and trouble shooting remotely. In particular, thesystem, method and device provides a unique intranet system architecturespecially defined and optimized for machine automation applications.

FIG. 1 illustrates a machine automation system 100 according to someembodiments. As shown in FIG. 1, the system 100 comprises one or moreexternal devices 102 operably coupled together with an intelligentcontroller and sensor intranet bus 104. In some embodiments, the system100 is able to be a part of an automated device such as a self-drivingvehicle, an automated industrial machine or an automated self-controlledrobot. Alternatively, the system 100 is able to be a part of othermachine automation applications. The devices 102 are able to compriseone or more of sensor devices (e.g. ultrasonic, infrared, camera, lightdetection and ranging (LIDAR), sound navigation and ranging (SONAR),magnetic, radio detection and ranging (RADAR)), internet devices,motors, actuators, lights, displays (e.g. screens, user interfaces),speakers, a graphics processing units, central processing units,memories (e.g. solid state drives, hard disk drives),controllers/microcontrollers or a combination thereof. Each of thedevices 102 is able to be operably wired and/or wirelessly coupled withthe bus 104 via one or more bus input/output (IO) ports (see FIG. 2).Although as shown in FIG. 1, the system 100 comprises a discrete amountof external devices 102 and buses 104, more or less devices 102 and/orbuses 104 are contemplated.

FIG. 2 illustrates the intelligent controller and sensor intranet bus104 according to some embodiments. As shown in FIG. 2, the bus 104comprises an intranet formed by a central core 200 that is coupled withone or more gates 202 and a plurality of edge nodes 204 (each having oneor more external IO ports 99) via one or more central transmissionnetworks 206, and coupled with one or more edge sub-nodes 208 (eachhaving one or more external IO ports 99) via one or more sub-networks210 that extend from the gates 202. As a result, as shown in FIG. 3, thebus 104 forms a network tree topology where the central networks 206branch from the core 200 (e.g. root ports 230 of the core) to edge nodes204 and gates 202, and the subnetworks 210 branch from the gates 202 tosub-nodes 208 and/or sub-gates 202′. In this way, the core 200 is ableto see all of the nodes 204 and sub-nodes 208 (as the gates 202 andsub-gates 202′ are transparent to the core 200). In some embodiments,one or more of the gates 202 are directly coupled with IO ports 99without a node (e.g. to couple with external CPU, GPU, AI cores and/orsolid state drives (SSD)).

The ports 99 are able to be any kind of interface port such asperipheral component interconnect express (PCIe), mobile industryprocessor interface (MIPI), Ethernet, universal serial bus (USB),general purpose input output (GPIO), universal asynchronousreceiver/transmitter (UART), inter-integrated circuit (I²C) and/or othertypes of ports. Although as shown in FIG. 2, the bus 104 comprises adiscrete amount of ports 99, cores 200, nodes 204, 208, gates 202,networks 206, 210, other elements and components thereof, more or lessports 99, cores 200, nodes 204, 208, gates 202, networks 206, 210, otherelements and/or components there of are contemplated.

The central transmission networks 206 are able to comprise connectionmedia that is faster/lower latency than the connection media of thesubnetworks 210 coupled to a gate 202 of that central transmissionnetwork 206. Similarly, the subnetworks 210 are able to compriseconnection media that is faster/lower latency than the connection mediaof the subnetworks 210′ coupled to a gate 202′ of the subnetwork 210 andso on for each iterative subnetwork. This network/subnetwork connectionmedia speed/latency relationship enables the bus 104 to prevent theslowing of the processing of the entire bus 104 despite still includingthe slower connection media as describe in detail below. Alternatively,one or more of the subnetworks 210, 210′ and/or the central networks 206are able to have the same or other connection media speed/latencyrelationships.

In some embodiments, the connection media of the central transmissionnetworks 206 comprises optical fiber cables 212 split using opticalsplitters 214 (e.g 2-to-1 splitters) and having optical transceivers 216to couple to and received data from the nodes 204, 208. In someembodiments, the connection media of the subnetworks 210 comprisesoptical connection media (e.g. like the central transmission networks206, but possibly slower rating), wireless connections (e.g. radiofrequency transceivers 218), copper connections (e.g. twisted-paircopper wires 220 optionally split using analog splitters 222 (e.g.fan-outs/multiplexers) and having serializer/deserializers (SERDES) 224to couple to and received data from the nodes 204, 208), and/orcombinations thereof (e.g. hybrid optical fiber, copper and/or wirelessconnection media). As a result, the bus 104 supports multi-rate traffictransmissions where depending on the latency/speed, connectivity and/ordistance requirements of the data/traffic/external devices 102,different nodes/networks are able to be used to coupled to the bus 104while still providing the desired throughput. For example, for highspeed, low latency and long-distance requirements the optical connectionmedia of the central network is able to be used by coupling to the nodes204. Otherwise, the other networks 210 are able to be used depending oncost, speed, connection and/or distance requirements. In someembodiments, the central networks 206 are passive optical networksand/or the copper subnetworks 210 are active networks. In someembodiments as shown in FIG. 2, one or more of the nodes 204 is coupledto a controller area network (CAN) 226 such that the node inputs datafrom each of the controllers coupled to the controller are network.Alternatively, as shown in FIG. 3, one or more of the subnetworks 210are able to be a CAN coupled with the core 200 via one of the gates 202.

Multi-Layer Bus Addressing

The bus 104 is able to utilize a multi-layered addressing scheme wherethe root ports 230, 10 ports 99, nodes 204, 208, 234 and/or gates 202are able to use node, epoch and GEM identifying addresses for directingmessages through the bus 104. In particular, each of the root ports 230,nodes 204, 208, 234 and gates 202 are able to be assigned a nodeidentifier (node-ID), with the nodes 204, 208 and gates 202 also beingassigned at least one epoch identifier (epoch-ID) and at least one GEMidentifier (GEM-ID). The epoch-IDs are able to be used to identify thesource/destination of messages in the network 206, 210 (e.g. node/gatedevices and their IO ports, embedded CPUs and/or other types ofservices) while at the same time the GEM-IDs are able to be used toidentify the targets of messages (e.g. sets and subsets of the node/gatedevices and their IO ports, embedded CPUs and/or other types ofservices). As a result, the epoch-IDs are able to be used for thetransmission/routing of messages throughout the network 206, 210 whilethe GEM-IDs are able to be used by the devices themselves (via the ports99) to determine whether to capture received/broadcast messages as beingtargeted to them.

Depending on the service level agreement (SLA) profile of the node/gate(which is able to correspond to the devices coupled to the port(s) 99 ofthe node/gate), the nodes/gates are able to be assigned multipleepoch-IDs and multiple GEM-IDs. As a result, the node-ID of each of thenodes 204, 208 and gates 202 is able to map to one or a plurality ofepoch-IDs which are able to map to one or a plurality of GEM-IDs. Forexample, a node 204, 208 coupled with two IO ports 99 is able to have asingle node-ID, two epoch-IDs (one for each port 99) and ten GEM-IDs(one associated with the first epoch-ID and first port 99 and nineassociated with the second epoch-ID and second port 99). Further,although the node-IDs and epoch-IDs are unique to each node/gate/port,the GEM-IDs are able to be shared between nodes/gates/ports. Forexample, ports 99 of the same node 204, 208 or different ports 99 ofdifferent nodes 204, 208 are able to both be associated with matching oroverlapping sets GEM-IDs.

The gates 202 are also able to be assigned one or more virtual node-IDsfor the ports 99 directly coupled with the gate 202. Like the regularnodes, these virtual nodes represented by the gates 202 are able to beassigned multiple epoch-IDs and multiple GEM-IDs depending on the SLAprofile of the gate 202 (which is able to correspond to the devicescoupled to the port(s) 99 of the virtual node/gate).

The other nodes 234 and cores 232 (that are directly coupled to the core200 such as IO devices and embedded CPU cores) are each able to have oneor more GEM-IDs along with a global node-ID, but do not need to beassigned epoch-IDs, which are not required because messages to and fromthese nodes 234 to the core 200 are wholly within the core 200. Likenodes 204, 208, the number of GEM-IDs assigned to each of the nodes 234and cores 232 is able to be determined based on the SLA profile for thatnode 234 or core 232 (which is able to correspond to the devices coupledto the port(s) 99 of the node 234). Each of the core switch 220, rootports 230, nodes 204, 208, 234, and/or gates 202 are able to maintainand update a local SLA table that indicates the mapping between each ofthe node-IDs, epoch-IDs and GEM-IDs. As a result, the bus addressingprovides the advantage of using epoch-IDs and/or node-IDs to facilitatesimplified burst/broadcast messaging between nodes, gates and the corewithin the network 100, while at the same time using GEM-IDs facilitateany desired more complex messaging between the devices/IO ports 99and/or the core themselves.

Generic Encapsulation Mode

The bus 104 is able to encapsulate all input data and internallygenerated data (e.g. control, operation and management messages) into ageneric encapsulation mode (GEM) for transport across the bus 104intranet. Thus, the GEM acts as a unique standardized data and messagecontainer for transmitting data between nodes and/or to the core 200 viathe bus 104 intranet. As a result, the input data is able to beencapsulated into the GEM format at each of the nodes as it enters thebus 104 and is routed through the core 200 (where it is decapsulated forprocessing and re-encapsulated for transmission) and onto itsdestination node which decapsulates the data back to the original formatfor egress to the target external device 102 or other destination. Thisinput data is able to be from various sources (e.g. devices 102, CAN226) input via the ports 99 at the nodes 204, 208, 234 or gates 202and/or the embedded CPU cores 232.

There are two types of GEM formats: GEM packet and GEM control. The GEMpacket format comprises a GEM header plus a GEM payload (e.g. lengthfrom 8 bytes to 4 kilobytes). Typically, the GEM packet format what isused to encapsulate the input port data, packets and messages at theingress (e.g. nodes, ports). The following are some of the IO port data,packet and message examples that are able utilize the GEM packet format:

-   -   Use GEM packet format to carry Ethernet packets from local gate        202 and/or node 204, 208 through bus 104 after GEM encapsulation        to far-end gate 202 and/or node 204 (e.g. this is able to be for        internet and Wi-Fi interfaces through Ethernet Port or PCIe        Ports);    -   Use GEM packet format to carry sensor data from local gate 202        and/or node 204, transmit through bus 104 after GEM        encapsulation to far-end gate 202 and/or node 204 (e.g. CAN bus        data, Camera (MIPI) Frame data, Lidar (Ethernet) data, Magnetic        Encoder data (ADC) and other type of Sensors data;    -   Use GEM packet format to carry jumbo size data and packets and        transmit through fragmentation and de-fragmentation scheme, from        local node 204, 208 to far-end node 204, 208. This is able to        include fragmentation, defragmentation and        re-ordering/re-transmission functions;    -   Use GEM packet format to carry the network control, operation        and management messages between core 200 and nodes 204, 208        (and/or gates), including physical layer operation,        administration and maintenance (PLOAM), node management control        interface (NMCI) and operations, administration and maintenance        (OAM) messages;    -   Use GEM packet format to carry CPU/PCIe access CMD/DATA from        core 200 and local gate 202 and/or node 204 through bus 104        after GEM encapsulation, to far-end local gate 202 and/or node        204 (e.g. CPU 232 access target device 102 from NODE-to-NODE        through PCIe, USB, I2C, UART and GPIO interfaces).    -   Finally, use GEM packet format for VPN channel application        between local-nodes 204, 208 to far nodes 204, 208 through bus        104.        The GEM control message format comprises message plus extended        message (e.g. length 8 bytes+8 bytes . . . ). The GEM control        message format is able to be used in the bus 104 for internal        network management and control purposes, including messages of        dynamic bandwidth allocation (DBA) reporting, DBA-Granting, GEM        RX-Acknowledge, GEM Flow-Control, GEM Power-Management,        GEM-Sniffer, GEM-Remote messages and/or other types of control        messages. As described above, nodes 204 are responsible for        encapsulating/decapsulating data to/from GEM packet and GEM        control message format. This scheme is able to expand PCIe        interface protocol from point-to-point topology to        point-to-multi-point topology and extend the interface distance        from short reach to long reach.

FIGS. 6A-F illustrate an exemplary GEM packet format and GEM headerformats according to some embodiments. As shown in FIG. 6A, an GEMpacket 600 is able to comprise a header 602 and a corresponding payload604. As described above, for message packets the header is able to be aset size (e.g. 8 bytes) and the payload is able to vary in length (e.g.length from 8 bytes to 4 kilobytes) and for control packet the header isable to be, for example, 8 bytes with or without one or more 8 byteextensions.

FIG. 6B illustrates a detailed view of a GEM packet header formataccording to some embodiments. As shown in FIG. 6B, the header 602comprises a GEM type field 606, a payload length indication field 608,an encryption key index field 610 (e.g. AES Key Index), a node/epoch IDfield 612, a GEM-ID field 614, a GEM packet type field 616, atransmission sequence identifier field 618, an acknowledgment requiredfield 620, a last fragment indication field 622 and a header errorcorrection/check (HEC) field 622. Alternatively, one or more of thefields are able to be omitted and/or one or more additional fields areable to be added. In some embodiments, the GEM type field 606 is twobits, the payload length indication field 608 is twelve bits, theencryption key index field 610 is two bits, the node/epoch ID field 612is twelve bits, the GEM-ID field 614 is twelve bits, the GEM packet typefield 616 is three bits, the transmission sequence identifier field 618is six bits, the acknowledgment required field 620 is one bit, the lastfragment indication field 622 is one bit and the header errorcorrection/check (HEC) field 622 is thirteen bits. Alternatively, one ormore of the fields are able to be larger or smaller.

The GEM type field 606 indicates which type of header 602 (and thuswhich type of packet) the GEM packet 600 is. For example, the GEM typefield is able to indicate that the header 602 is one or more of a packetheader, a bandwidth grant message header (e.g. transmitted from a rootport 230 to a gate/node), a bandwidth report message header (e.g.transmitted from a gate/node to a root port 230) and/or a controlmessage (e.g. between one or more of the root ports 230, the gates 202and/or the nodes 204, 208, 234). The payload length indication field 608indicates the length of the payload 604 of the packet 600. Theencryption key index field 610 indicates the type of encryption to useon the packet 600. For example, the encryption key index field 610 isable to be used as an index value within an encryption table to identifyone or more of: whether to encrypt the packet or not, which key to useto encrypt the packet, and/or which method of encryption to use.

The node/epoch ID field 612 is able to identify either the source nodeor the destination node of the packet 600. For example, for a GEM packet600 being burst from a node to the core, the field 612 is able to be orrepresent the node's epoch-ID to indicate the source of the packet 600.As another example, for a GEM packet 600 being broadcast from a rootport 230 to the nodes/gates within its network 206, 210, the field 612is able to be or represent the destination's node-ID (including aunicast node-ID, a multicast node-ID and/or a broadcast node-ID). TheGEM-ID field 614 is able to be or represent the source node'sdata/packet/message identifier for a point to point message, or is ableto be or represent the destination node's GEM-ID (e.g. including CANmessage GEM-IDs, sensor data GEM-IDs and/or ethernet packet GEM-IDs) forpoint to multi-point messages. As a result, the GEM format provides theadvantage of enabling the bus 104 to identify both the immediate sourceand/or destination nodes via the node/epoch ID field 612 while alsoenabling the target devices/port/services to be identified using theGEM-ID field 614.

The GEM packet type field 616 is able to indicate the type and format ofthe header of the message encapsulated within the GEM format (e.g. asreceived from the devices 102 and/or through the ports 99). For example,the field 616 is able to indicate that the message header is a PLOAMmessage, a node management and control interface (NMCI) message, a CANcommand message, sensor data, an ethernet packet, CPU-IO (e.g. PCIe/USB)message and/or a node operation and control report (NOCR) message. Theacknowledgment required field 620 is able to indicate if anacknowledgment message in response to the message is require and thetransmission sequence identifier field 618 is able to identify thetransmission sequence number of the packet 600 within a set of packetsfrom the source node and/or an epoch-ID thereof (for a packet beingburst from the node to the core 200). In some embodiments, it requiresan acknowledgment message from the receiving root port 230 whenindicated by the acknowledgment required field 620. For a packetbroadcast from the root port 230 to a node/gate, the transmissionsequence identifier field 618 is able to identify the transmissionsequence number of the unicast/broadcast/multi-cast GEM-ID (e.g. CANMessage GEM-ID, sensor Data GEM-ID, Ethernet Packet GEM-ID andCPU/PCIe/USB Data-Message GEM-ID). In some embodiments, it requiresacknowledge from receiving root port 230 and/or node when indicated bythe acknowledgment required field 620. The last fragment indicationfield 622 is able to indicate if this packet 600 is the last fragment ofa series of fragments of a large packet and the header errorcorrection/check (HEC) field 622 is able to be used to check the header602 for errors.

FIG. 6C illustrates a detailed view of a GEM header format for a nodereport message according to some embodiments. As shown in FIG. 6C, theheader 602 comprises a GEM type field 606, a report message type field624, a source epoch-ID field 626, a report total size field 628, areport threshold size field 630, a report sequence number field 632, oneor more source node virtual output queue (VOQ) status fields 634 (e.g.CPU-IO, PLOAM, NMCI, CAN, Sensor, Ethernet, or other types), a reportpriority field 636 and a header error correction/check (HEC) field 622.Alternatively, one or more of the fields are able to be omitted and/orone or more additional fields are able to be added. In some embodiments,the GEM type field 606 is two bits, the report message type field 624 istwo bits, the source epoch-ID field 626 is twelve bits, the report totalsize field 628 is fourteen bits, the report threshold size field 630 iseight bits, the report sequence number field 632 is five bits, the oneor more source node virtual output queue status fields 634 are each onebit (or a single field of six bits), the report priority field 636 istwo bits and the header error correction/check (HEC) field 622 isthirteen bits. Alternatively, one or more of the fields are able to belarger or smaller.

The report message type field 624 indicates which type of report header602 (and thus which type of report message) the GEM packet 600 is. Forexample, the report message type field 624 is able to indicate that theheader 602 is one or more of an invalid report message, a node reportmessage for itself (e.g. where the epoch-ID of the source of the packetis mapped to the node-ID of the source of the packet), a node reportmessage for another node (e.g. where the epoch-ID of the source of thepacket is not mapped to the node-ID of the source of the packet), and/ora dying gasp report message (e.g. a message that needs/requests toppriority). The source epoch-ID field 626 is able to be or represent: thesource node's epoch-ID (e.g. for a report for PLOAM and NMCI plusCAN/sensor/ethernet queue flags), the CAN's epoch-ID (e.g. for a reportfor the CAN), the epoch-ID of one of the sensors/nodes (e.g. for areport for the sensor), the ethernet epoch-ID (e.g. for a report forethernet packets) and/or a PCIe/USB epoch-ID (e.g. for a PCIe/USB reportmessage). The report total size field 628 is able to indicate the totalsize of the GEM data within the VOQ (for that epoch-ID and/or Node-ID),whereas the report threshold size field 630 is able to indicate the GEMpacket boundary(ies) within the VOQ (e.g. for use when determining thesize of burst windows granted for the epoch and/or node).

The report sequence number field 632 is able to indicate which number inthe sequence that the message is (e.g. if there are a sequence ofrelated report messages in order to determine if one is lost ormis-sequenced). The one or more source node virtual output queuing (VOQ)status fields 634 are each able to indicate a status of the source nodewith respect to a particular function/type of data (e.g. CPU/IO, PLOAM,NMCI, CAN, sensor, ethernet). The report priority field 636 is able toindicate what priority to give the message (e.g. best efforts, normalbandwidth request priority, CAN message request priority, dying gasprequest priority).

FIGS. 6D and E illustrate a detailed view of two variants of a GEMheader format for a root port bandwidth grant message according to someembodiments. As shown in FIG. 6D, for a node grant message where thenode-ID is the same as the epoch-ID, the header 602 is able to comprisea GEM type field 606, an epoch-ID field 638, a start time field 640, agrant size field 642, a grant flag field 644, a report command field646, a grant command field 648, a force wake-up indicator (FWI) field650, a burst profile field 652 and a header error correction/check (HEC)field 622. Alternatively, one or more of the fields are able to beomitted and/or one or more additional fields are able to be added. Insome embodiments, the GEM type field 606 is two bits, the epoch-ID field638 is twelve bits, the start time field 640 is fourteen bits, the grantsize field 642 is fourteen bits, the grant flag field 644 is one bit,the report command field 646 is three bits, the grant command field 648is two bits, the force wake-up indicator field 650 is one bit, the burstprofile field 652 is two bits and the header error correction/check(HEC) field 622 is thirteen bits. Alternatively, one or more of thefields are able to be larger or smaller.

The epoch-ID field 638 is able to be or represent the epoch-ID of thenode or node-ID that the message is for. The start time field 640 isable to indicate a starting time of the grant window that is beinggranted to the target node (e.g. epoch of that node) and the grant sizefield 642 is able to indicate the size/duration of the grant window. Thegrant flag field 644 is able to indicate whether the window was granted.The report command field 646 is able to indicate what reporting isrequested from the node/epoch/port. For example, the report commandfield 646 is able to indicate one or more of: no node request to send(RTS) status report or force node to report RTS message to port forblackbox and diagnostic test; combined with one or more of: PLOAM andNMCI reporting only forced reporting of CPU-IO messages, CAN messagesand sensor data plus PLOAM/NMCI; forced reporting for ethernet packetsplus CPU-IO/CAN/sensor and PLOAM/NMCI; and/or forced full report ofPLOAM/NMCI/CPU-IO/CAN/sensor/ethernet plus a node operation and controlreport (NOCR). The grant command field 648 is able to indicate what typeof messages/data are granted the burst window. For example, the grantcommand field 648 is able to indicate one or more of: the window is notfor PLOAM and NMCI messages; the grant window is only for PLOAMmessages; the grant window is only for NMCI messages; and/or the grantis for PLOAM, NMCI and NOCR messages. The FWI field 650 is to indicatewhether to force a sleeping node to wake-up and the burst profile field652 is able to indicate a burst configuration (e.g. length, patternand/or other characteristics of the SOB delimiter, EOB delimiter and/orpreamble).

As shown in FIG. 6E, for a GEM grant message where the node-ID is notthe same as the epoch-ID, the header 602 is able to be substantially thesame as the header of FIG. 6D except without the report command field646 and the FWI field 650. Further, unlike in FIG. 6D, the grant commandfield 648 is able to be six bits. Alternatively, the grant command field648 is able to be larger or smaller. Also unlike in FIG. 6D, the grantcommand field 648 is able to indicate a GEM bandwidth grant of differenttypes. For example, the field 648 is able to indicate a bandwidth grantfor: all VOQ/CoS (class of service) based on the nodes's outputscheduling settings, for CAN messages only, for sensor data only, dyinggasp messages only and/or for both CAN messages and sensor data.Additionally, the field 648 is able to force power saving for thenode-ID where the node replies with an acknowledge message.

FIG. 6F illustrates a detailed view of a GEM header format for a controlmessage according to some embodiments. As shown in FIG. 6F, the header602 comprises a GEM type field 606, a control message type field 654,one or more control message fields 656 and a header errorcorrection/check (HEC) field 622. Alternatively, one or more of thefields are able to be omitted and/or one or more additional fields areable to be added. In some embodiments, the GEM type field 606 is twobits, the control message type field 654 is four bits, the one or morecontrol message fields together are forty-five bits and the header errorcorrection/check (HEC) field 622 is thirteen bits. Alternatively, one ormore of the fields are able to be larger or smaller.

The control message type field 654 is able to indicate what type ofcontrol message the message is (e.g. so the control message fields 656and their offsets are known for processing). In some embodiments, thecontrol message type field 654 indicates one or more of: a reportacknowledgment message; a CAN acknowledgment message; a flow controlmessage; a power saving message; and IO event message (e.g. dying gasp);a run-time status message; and/or a timestamp update (e.g. from port tonode). The control message fields 656 are able to include variouscontrol message fields based on the type of control message (asindicated in control message type field 654).

Accordingly, the GEM format provides the benefit of enabling the bus 104to encapsulate varying input data and messages of significantlydifferent types of networks (e.g. controller area networks, opticalnetworks, sensor device broadcasting networks, wireless networks, CPUaccess networks) to one unique format (GEM). This unique format is thenable to facilitate high speed standardized processing and transmissionof the varied data input in both burst and broadcast messages therebyenabling the efficient operation of the multi-network multi-device busarchitecture required for modern machine automation applications.

Burst/Broadcast Frame Format

In some embodiments, the broadcast messages are formatted into aBroadcast-PHY-Frame defined by:Preamble+Start-of-Frame-Delimiter+Frame-Payload, wherein the framepayload includes multiple GEM-Packet data and GEM-Control messages. TheBroadcast-PHY-Frame is able be a fixed frame size (e.g. between 25-125μs). Alternatively, greater or smaller frame sizes are able to be used.For example, for central networks 206 and subnetworks 210 with less nodedevices 204, 208, the frame size is able to be smaller (e.g. 25 μs or 50μs). In some embodiments, the Broadcast-PHY-Frame is constructed tocarry GEM-Packet and GEM-Control messages from the root ports 230 to thegate 202 and/or nodes 204, 208, 234 through the networks 206, 210including optical, copper and wireless networks.

In some embodiments, the burst messages are formatted into aBurst-PHY-Frame defined by: Preamble+Start-of-Frame-Delimiter+FramePayload+End-of-Frame-Delimiter, wherein the frame payload includes oneor more GEM-Packet data and GEM-Control messages. The Burst-PHY-Framesize is able to vary depending on the total Burst-Window size ofnode/gate granted by root port HDBA and/or gate DBA. In someembodiments, the max size of Burst-PHY-Frame (from a gate 202 or a node204, 208, 234) cannot exceed the max Broadcast-PHY-Frame size (e.g.between 25-125 μs). In some embodiments, the Burst-PHY-Frame isconstructed to carry GEM-Packet and GEM-Control messages from gates 202and/or nodes 204, 208, 234 to the root ports 230 and/or gates 202 viathe networks 206, 210 including optical, copper and wireless networks.

FIG. 7A illustrates a Broadcast-PHY-Frame 700 according to someembodiments. As shown in FIG. 7A, the Broadcast-PHY-Frame 700 comprisesa physical synchronization block for broadcast (PSBbc) 702 and abroadcast framing sublayer frame 704 including a GEM control message706, one or more GEM packets 600 and a framing sublayer (FS) trailer708. Each of the GEM packets 600 include a header 602 and a payload 604as described above. In some embodiments, the broadcast FS frame is FECprotected. FIG. 7B illustrates a Burst-PHY-Frame 710 according to someembodiments. As shown in FIG. 7B, the Burst-PHY-Frame 710 comprises aphysical synchronization block unicast start of burst delimiter(PSBuc_sd) 712, a burst framing sublayer (FS) 714 and a physicalsynchronization block unicast end of burst delimiter (PSBuc_ed) 716. ThePSBuc_sd 712 is able to include a preamble 718 and a start of burst(SOB) delimiter 720 and the PSBuc_ed 716 is able to include an end ofburst (EOB) delimiter 722. The burst FS 714 is able to include a FSheader 724, one or more epochs 726 and an FS trailer 708. Each of theepochs 726 are able to include one or more GEM packets 600 having aheader 602 and a payload 604 as described above. In some embodiments,the burst FS frame is FEC protected. In particular, by including an EOBdelimiter (in addition to the SOB delimiter and a size of the frame),the structure 710 enables a sniffer, analytics engine or other elementto monitor the traffic within the bus 104 because it enables the elementto determine the end of each burst frame based on the EOB delimiterdespite not knowing/accessing the size of the frame.

FIG. 7C illustrates a gate Burst-PHY-Frame 728 according to someembodiments. As shown in FIG. 7C, the gate Burst-PHY-Frame 728 is ableto comprise one or more Burst-PHY-Frames 710 combined together into asingle combined burst-PHY-frame having a single preamble 729 and one ormore gaps 730. In particular, as described in detail below, the gates202 are able to receive burst frames 728 from one or more subnodes 208as well as one or more IO ports 99 (for which they serve as a virtualnode) and combine those frames 728 into a combined gate Burst-PHY-Frame728 as shown in FIG. 7C. As a result, the system 100 provides theadvantage of more efficient message communication via combined burstframes as well as less overhead per frame by using only a singlepreamble for the combined frame as a whole instead of a separatepreamble for each combined burst frame (whose preamble can be up to 256bytes each or more).

FIG. 8 illustrates a method of operating the intelligent controller andsensor intranet bus 103 according to some embodiments. As shown in FIG.8, one or more of the nodes 204, 208 input one or more messages from theone or more of the devices 102 coupled to the one or more of the ports99 at the step 802. The nodes 204, 208 encapsulate the messages into thegeneric encapsulation mode (GEM) format for transmission to the centralprocessing core 200 at the step 804. If the destination(s) of the inputmessages is a node 234 inside the core 200, the core decapsulates,processes and transmits the messages to their destination(s) withoutre-encapsulation at the step 806. Otherwise, if the destination(s) ofthe input messages is one or more other nodes 204, 208 (outside the core200), the core 200 decapsulates, processes and re-encapsulates themessages back into the GEM format for broadcast to their destination(s)at the step 808. The nodes 204, 208 decapsulate the messages as receivedfrom the core 200 from the GEM format to an original format of the inputdata as received from one of the devices 102 at the step 810.Alternatively, if the input messages are input from nodes 234 inside thecore 200 they are able to be input and processed by the core 200(without being encapsulated) and only encapsulated by the core 200 forbroadcast if their destination is one or more nodes 204, 208 outside thecore 200. As a result, the method provides the advantage of enabling thecommunication of many different types of data (e.g. sensor, controllerbus, ethernet, or other types of data), more efficient messagecommunication via combined burst frames, and less overhead per frame byusing only a single preamble for the combined frame as a whole insteadof a separate preamble for each combined burst frame.

Core

The core 200 is able to comprise a core switch 228, one or more rootports 230 (internal ports), a central processing unit 232 and one ormore core nodes 234 having IO ports 99 (external ports). In someembodiments, the core 200 further comprises a secure memory (e.g. securedigital (SD) memory) node 236 for storing data in a black box memory238. Alternatively, the SD node 236 and/or memory 238 are able to beomitted. The core nodes 234 enable a user to couple a user plug-inmodule (e.g. CPU core, WIFI LTE/5G, User Application software) directlyto the core 200 bypassing the networks 206, 210.

The core switch 228 comprises a forwarding engine element, a queuingbuffer manager and a traffic manager. Forwarding engine element is ableto comprise a plurality of forwarding engines. For example, it is ableto include one engine used for L2/L3/L4 Ethernet header parser, lookupand classification/access control list (ACL) function, including L2medium access control (MAC) Address learning and forwarding functions,L3 internet protocol (IP) Address to GEM-ID Routing/mapping. Additional,one engine is able to be used for GEM Header message parser, lookup, ACLand forwarding and/or another is able to be used to support DOS attackfunctions to protect the bus 104 from external internet DOS attack. TheGEM-Queuing-Buffer Manager is able to be a centralized bufferingarchitecture, which employs link-list based buffer and queuing memorymethods combining store-N-forward and cut-through forwarding schemes.For latency sensitive GEM-Packet and GEM-Messages, it is able to use acut-through forwarding scheme and for congestion GEM-Packets it is ableto use store-N-forward scheme. Both schemes are able to be dynamicallymixed together and dynamically switched between each other depending onthe run-time traffic congestion situations. The GEM-Traffic Managersupports GEM-ID and NODE-ID base dual-token policing, single-tokenrate-limiting and output shaping functions, including related managementinformation base (MIB) counters. GEM-ID base weighted random earlydetection (WRED) and Tail-Drop functions are able to be supported aswell as early traffic congestion detection and indication and feedbackmechanisms to notify hybrid dynamic bandwidth allocation mechanisms(HDBA), root ports 230, gates 202 and nodes 204, 208, 234 to slow downtraffic transmission in order to avoid traffic congestion fromoccurring.

As a result, the core switch 228 is able to provide the functions of oningress, the switch 228 receives GEMs from one or more of the root ports230, local nodes 234, computer 232 and/or other IO ports, processes theGEMs and on egress, forwards and transmits the received GEMs to one ormore of the root ports 230, local nodes 234, computer 232 and/or otherIO ports. In other words, the switch 228 is able to accept GEM-Packetsfrom multiple sources; perform GEM and Ethernet L2/L3/L4 header parsing,L2 MAC lookup and learning, GEM message and 5-tuple ACL andclassification; modify GEM-Header and GEM payload Ethernet header (ifnecessary); and store and forward GEM-Packet (or cut-through buffermemory) to one or multiple hybrid automatic repeat request (HARQ)functional blocks and the broadcast-MAC of one or more root ports 230.

In performing this processing and/or forwarding function, the switch 228is able to support hybrid store- and forward and cut-through forwardingschemes in order to reduce propagation latency for latency sensitiveGEMs and provide big enough buffering for over burst GEM traffic.Additionally, the switch 228 is able to support instant-flow-controlmechanisms within the bus 104, including hybrid dynamic bandwidthallocation and granting to ensure overall quality of service (QoS)across the bus 104. Further, the switch 228 is able to support L2/L3/L4ACL and classification, L2 MAC address learning and forwarding, L3 IPaddress to GEM-ID routing/mapping, as well as DOS attack protection.Finally, the switch 228 is able to support QoS scheduling, GEM bufferingWRED/Tail dropping, node and/or GEM policing and output shapingfunctions.

Root Ports

The root ports 230 are able to comprise a root transmission MAC, a rootreception MAC, a security engine (e.g. advanced encryption standard(AES)), a forward error correction (FEC) engine, a hybrid dynamicbandwidth allocation (HDBA) engine, an activation processor (e.g.activation state machine) and a burst-mode SERDES IP. Alternatively, oneor more of the above elements are able to be omitted. The transmissionMAC of each of the root ports 230 is responsible for accepting GEMsready for egress from switch 228 and/or HARQ; map and pack the GEMs intoa broadcast frame format (e.g. Broadcast PHY-Frame structure); andbroadcast the GEMs to all of the gates 202 and/or nodes 204 on thecentral transmission network 206 to which the root port 230 is coupled(e.g. through root SERDES and optical/copper network broadcast domains).Conversely, the reception MAC of each of the root ports 230 isresponsible for receiving GEMs in a burst frame format (e.g.Burst-PHY-Frame structure) from Burst-Mode SERDES and gates 202 and/ornodes 204, 208; extracting the GEMs from burst frame format; parsing theGEM-header of the GEMs; and accepting the GEMs addressed to it (e.g.based on the GEM-Header and system service level agreement (SLA) profilesettings), then outputting the GEMs/data to the switch 228 for furtherprocessing and forwarding. In other words, the root ports 230 are eachable to receive burst traffic from the nodes 204 and/or gates 202(forwarded from nodes 208 in the subnetwork 210 of the gate 202),convert the burst traffic to the correct format for processing by theswitch 228 and then reformat and broadcast output traffic to all of thenodes 204 and nodes 208 (via the gates 202) to destinations as directedby the switch 228.

The hybrid dynamic bandwidth allocation (HDBA) engine is responsible forreceiving reports about bandwidth usage, traffic congestion and otherfactors (e.g. NODE-DBA Reports); performing HDBA analysis based on anSLA profile for the node/port/device associated with each report, theDBA-Report data itself and committed information rate (CIR)/peakinformation rate (PIR) feedback; and granting burst windows to each NODEdevice and assigned port/EPOCH-ID. In other words, the HDBA engineinputs data from each of the nodes 204, 208 (of the network 206associated with the root port 230 and subnetworks 210 thereof) and/orother sources about bandwidth usage/traffic congestion and dynamicallyallocates burst transmission window start times and/or sizes to each ofthose nodes 204, 208. In performing this allocation for the nodes 208within the subnetworks 210, the gate 202 that provides access to thenodes 208 is transparent to the HDBA engine. As a result, as describedin detail below, the gate 202 receives the desired data and performs theburst transmission within the assigned windows for each of the nodes 208of the gate's 202 subnetwork 210. The HDBA engine is also able issuereporting acknowledgment messages (GEM-Report-ACK message) to nodes 204,208 to confirm that the report messages (GEM-DBA Reports) were received.

The root Activation State-Machine is responsible for performing andcompleting node 204, 208, 234 device activation and registration throughactivation processes and procedures by exchanging physical layeroperations, administration and maintenance (PLOAM) GEM messages betweennodes 204, 208, 234 and the root port 230. The security engine is ableto be an AES-128/256 encryption and decryption functional block used forboth the reception and transmission MACs. Alternatively, otherencryption is able to be used. The forward error correction (FEC) engineis used for controlling errors in data transmission over unreliable ornoisy communication channels. In some embodiments, the FEC engine usesReed Solomon FEC coding schemes of RS(255,216) and RS(225,232) for 10Gand 2.5G data rates, respectively. Alternatively, the FEC engine is ableto user low-density parity-check (LDPC) schemes and/or other FECalgorithms. The burst-mode SERDES uses fast clock and data recovery(CDR) locking mode to ensure proper burst messages (e.g.burst-PHY-Frames) are received correctly. In some embodiments, the fastlocking function of CDR is required in fiber-cut, fast fail-over andprotection switch recovery.

Finally, after a registration process, the root ports 230 receivebroadcast data distribution service (DDS) messages from nodes 204, 208that notify the root port 230 that new nodes/devices have joined andregistered to bus 104. Accordingly, the root ports 230 are configured toalways listen and accept these data distribution service (DDS) messagesfrom the switch 228 and new node's 204, 208 declaration of joining thebus 104, and update the Root-Port SLA profile database and settings toreflect the newly added nodes/devices.

Nodes

The edge nodes 204, 208, 234 provide a bridge function within the bus104 to interface with external devices 102 via the IO ports 99 on oneside and connect to bus intranet 104 on the other side. In order toprovide data from the devices 102 coupled to the ports 99 of the nodes204, 208, the nodes 204, 208, 234 construct and transmit burst messages(e.g. Burst-PHY-Frames of the data encapsulated as GEMs) through the bus104 to the other nodes 204, 208 via the root port 230 (of the network206 of which they are a part or a subnetwork 210 thereof). Further, inorder to provide data to the devices 102 coupled to the ports 99 of thenodes 204, 28, the nodes 204, 208, 234 receive broadcast message (e.g.Broadcast-PHY-Frames of the data encapsulated as GEMs) from other nodes204, 208 via the root port 230 (of the network 206 of which they are apart or a subnetwork 210 thereof), extract the data from the broadcastmessages (e.g. GEMs from RX BC-PHY-Frames), and filter and accept thedata that belongs (is addressed to) the node 204, 208.

To perform these and other functions, the edge nodes 204, 208 are ableto comprise one or more IO ports 99, an encapsulation/decapsulationengine, a HARQ block and a node MAC. Each of the ports 99 is able to beone of a CPU interface (e.g. PCIe, USB and UART), a sensor interface(e.g. MIPI, analog to digital converter (ADC), GPIO), an internetinterface (e.g. Ethernet, EtherCAT, and CAN-Bus), and a motor moduleinterface (e.g. pulse width modulation (PWM), I²C, ADC and GPIO). Theencapsulation/decapsulation engine accepts input data from the ports 99and encapsulates received data packets, commands (CMD) and messagesreceived from the internet ports (e.g. Ethernet, Wi-Fi), sensorinterfaces, motor module interface and CPU (e.g. PCIe and USB) to theGEM format at the ingress. The nodes 204, 208 then are able to output tothe encapsulated messages (e.g. GEMs) to the HARQ and/or nodetransmission MAC (described below). At the egress, it acceptsGEM-packets from the node reception MAC (received from the root port 230and/or another node 204, 208, 234) and decapsulates the GEM back to theoriginal data format (as received from the coupled device 102) foroutput to the device 102 via one of the ports 99. Like in the root ports230, the HARQ of the nodes 204, 208 perform the hybridautomatic-repeat-request function to ensure that the GEM-Packets aredelivered to their destination node or nodes 204, 208, 234 successfully.Specifically, the HARQ is able to be built-in with a repeat transmittimer, transmit GEM list flag table and receipt acknowledgment checkingfunction (e.g. GEM RX-Acknowledge) to trigger GEM re-transmission whentimer time-out occurs without receiving the acknowledgment.

The node MAC comprises a transmission MAC (TX MAC), a reception MAC (RXMAC), a security engine (e.g. AES), a forward error correction (FEC)engine, a DBA-Report engine and SERDES IP. The TX MAC is responsible formapping/packing GEMs into a burst structure (e.g. Burst-PHY-Framestructure) and transmitting the burst messages to root ports 230 and/ornodes 204, 208, 234 during the burst window for the node granted by thedynamic burst allocation engine of the root port 230 for that node. TheRX MAC is responsible for receiving and terminating broadcast messages(e.g. Broadcast-PHY-Frames) from root ports 230 and/or nodes 204, 208,234, extracting GEMs from the broadcast message format, parsing andaccepting GEMs addressed to it (e.g. addressed to one of its ports 99)based on the node's SLA Profile setting, and subsequently outputting thedata to the encapsulation/decapsulation engine.

The DBA report engine reports total data packet and message in queues(e.g. EPOCH Queues) to the HDBA engine of the associated root port 230through the burst reporting (as described above). Additionally, the DBAreport engine accepts GEM-Grant messages from the HDBA of the associatedroot port 230 and/or the DBA of the associated gate 202, and preparesthe node transmission MAC to build a burst message (e.g.Burst-PHY-Frame) with the GEMs stored in the queues (e.g. EPOCH Queues).

The node activation processor is responsible for performing andcompleting the node 204, 208, 234 activation process and proceduresbetween nodes 204, 206, 234 and root ports 230. The security engine isable to be an AES-128/256 encryption and decryption functional blockused for both the reception and transmission MACs. Alternatively, otherencryption is able to be used. The FEC engine is used for controllingerrors in data transmission over unreliable or noisy communicationchannels. In some embodiments, the FEC engine uses Reed Solomon FECcoding schemes of RS(255,216) and RS(225,232) for 10G and 2.5G datarates, respectively. The burst-mode SERDES uses fast clock and datarecovery (CDR) locking mode to ensure fast fiber-cut, fast fail-over andprotection switch recovery.

Finally, after activation processing (e.g. after the registrationprocess is complete), the nodes 204, 206, 234 are able to broadcast aDDS message to entire bus 104 to inform and notice the root ports 230,switch 228, gates 202 and/or other nodes 204, 206, 234 that a new devicehas joined and registered to bus 104 at that node 204, 208, 234.Further, the nodes 204, 206, 234 are able to listen to DDS messages fromthe switch 228 and other new the nodes' 204, 206, 234 declaration ofjoining the bus 104 and update their global SLA profile database andsettings based on the DDS messages.

Gates

The gates 202 are able to comprise a node MAC (with multiple Virtualnode State-Machines and buffering), an adaptive domain bridge (ADB), aroot port MAC (with built-in gate DBA functionality/gate DBA), a gateSLA profile database and a burst-mode SERDES. The node MAC comprises oneor more of a transmission MAC, reception MAC, security engine (e.g.AES), FEC engine, DBA report functional module, SERDES functional moduleand/or multiple sets (e.g. one for each node within the subnetwork 210)of virtual node processors, virtual node profiles and settings, andrelated MIB counters and reporting logics. The transmission MAC receivesGEMs from the gate ADB and maps and packs then into their associatedvirtual node burst structure (e.g. Burst-PHY-Frame structure) based onthe gate's virtual node SLA Profile database settings. Further, thetransmission MAC aggregates multiple virtual node burst structures (e.g.Burst-PHY-Frames) into one gate burst structure (e.g. GATE/TurboBurst-PHY-Frame) and transmits burst message to the root port 230through the network 206 based on the granted burst window for thosenodes 208 received from the HDBA of the root port 230. The nodereception MAC receives broadcast messages (e.g. Broadcast-PHY-Frames)from the root port 230, extracts GEMs from the messages, parses theheaders of the GEMs, determines which messages are for nodes 208 withinthe subnetwork 210 of the gate 202 based on the GEM-Headers and virtualnodes SLA Profile database settings and outputs those messages to theADB.

The ADB performs a bridging function between the node MAC and the rootMAC of the gates 202. Specifically, in the broadcast direction (from theroot port 230 to the nodes 208), the ADB receives GEMs from nodereception MAC and performs a GEM header lookup, checking and filteringfunction based on the gate virtual node profile database in order toaccept GEMs belonging to nodes 208 of the gate's 202 subnetwork 210. TheADB is then able to output those GEMs to root port transmission MAC ofthe gate 202. In the burst direction (from the nodes 208 to the rootport 230), the ADB receives GEMs from root reception MAC, stores them intheir associated virtual node buffer memory, and output them to thevirtual node transmission MAC when their burst window start timearrives.

The root port MAC of the gates 202 comprise a transmission MAC, areception MAC, a security engine (e.g. AES), an FEC engine, a gate DBAand burst mode SERDES modules. The transmission MAC is responsible foraccepting GEMs from ADB, mapping and packing the GEMs into a broadcastformat (e.g. Broadcast-PHY-Frame structure), and outputting thebroadcast formatted frames to burst-mode SERDES. The reception MAC isresponsible for receiving burst messages (e.g. Burst-PHY-Frames) fromburst-mode SERDES (e.g. a far end node), extracting the GEMs from themessages, parsing and accept only GEMs targeted for nodes 208 within thegate's 202 subnetwork 210 (as indicated based on the parsed GEM headersand the SLA Profile settings), and then outputting the GEMs to the ADBof the gate 202. The DBA of the gate 202 is an extension HDBA of theroot ports 230. The gate DBA grants and allocates node burst windowsbased on the gate DBA SLA profile settings (which is a subset of theroot HDBA). The gate SLA profile database includes a list of nodeidentifiers belonging to this gate 202 (e.g. located within thesubnetwork 210 of the gate 202), an SLA profile table of nodeidentifiers for a gate DBA function and GEM forwarding information. Theburst mode SERDES accepts broadcast messages (e.g. Broadcast-PHY-Frames)from the root transmission MAC and transmits to nodes 208 in thesubnetwork 210 in the broadcast transmission direction. In receptiondirection, the burst-mode SERDES receives burst messages (e.g.Burst-PHY-Frames) from nodes 208 through the subnetwork 210 and outputsthem to the root reception MAC for message/frame termination and GEMextraction.

The main function of gates 202 is to extend the central transmissionnetwork 206 of one of the root ports 230 by bridging to one or moresubnetworks 210 (and the nodes 208 therein) through adaptive bridging.In particular, the gates 202 are able to burst messages from the nodes208 and/or other gates 202′ within their subnetwork 210 to the root port230 of the network 206 they are in as if the burst traffic were comingfrom nodes within the central transmission network 206. Similarly, thegates 202 are able to broadcast messages received from other nodes 204,208, 234, the switch 228 and/or root port 230 to the nodes 208 and/orother gates 202′ within their subnetwork 210 they are in as if the nodes208 and/or other gates 202′ were within the central transmission network206. As a result, the gates 202 are able to extend the centraltransmission networks 206 to additional nodes 208 and/or different typesof subnetworks 210 while maintaining a burst/broadcast communicationmethod within the central transmission networks 206.

In more detail, in the transmission Burst direction (e.g. from thenodes/gates to the root ports/switch/core), the burst window grantingmechanism from node 208 to gate 202 to root 230 is able to comprise thefollowing steps. First, the DBA of the gate 202 is a subset of the HDBAof the root port 230 (of the network 206 that the gate 202 is a part of)and therefore is transparent to the root port 230 and nodes 208. Second,when the gate 202 receives a burst window grant message (e.g. GEM-Grantmessage) broadcast from its root port 230, it uses the message header(e.g. GEM-Header) to lookup gate SLA profile database for GEM forwardinginformation. In other words, it uses the header data to determine if thegrant message is for any of the nodes 208 within its subnetwork 210 asindicated in the gate SLA profile database. If the grant message is notfor any of the nodes 208 of its subnetwork 210 the gate 202 drops thegrant message, otherwise, the gate stores the message in its virtualnode database, updates the database and broadcasts a new window grantmessage (e.g. GEM-Grant message) to all the nodes/gates in itssubnetwork 210 that is directed to the node 208 to which the originalgrant message was directed. In response, the node 208 provides a burstmessage to the gate 202 and the gate 202 formats and/or otherwiseprepares the message for bursting to the root port 230 at the burstwindow start indicated in the received window grant message for thatnode 208.

Third, in order to get best throughput bandwidth, high burst bandwidthefficiency and/or low transmission latency, gate 202 is able to adjustthe grant window indicated in this new grant message to be at least apredetermined amount of time before the grant window indicated in theoriginal grant message. In particular, this amount of time provides thegate 202 time to receive and format the burst data from the node 208before bursting the data from the gate 202 to the root port 230 at thetime indicated by the original window grant message. Indeed, by doingthis for multiple nodes 208 at the same time, the gate 202 is able toaggregate the messages from multiple different nodes (e.g. multipleBurst-PHY-frames) into a single bigger burst message (e.g. GATEBurst-PHY-Frame).

Fourth, due to the protocols between gate traffic DBA reporting and theroot port 230 window granting, root port 230 and gates 202 are able tomaintain a group-membership list table and be aware of the virtual nodes208 that each of the gates 230 below to as a group. Thus, when a node208 issues a report message (e.g. GEM-Report) to HDBA of the root port230, the gate 203 is able to intercept the report message, modify it toinclude the GEMs data temporarily stored in gate's 202 virtual nodebuffer memory if there is any, and issue a new report message to HDBA ofthe root port 230. In other words, the gates 202 are able to combinereporting messages from the nodes in their subnetworks 210 in order tomake the reporting more efficient.

Additionally, when HDBA of the root ports 230 are issuing a grantmessage (e.g. GEM-Grant message) to nodes 208 that are in a subnetwork210, because they are aware of all of the nodes 208 that are in thatsubnetwork 210 (e.g. via the virtual node database), the HDBA of theroot ports 230 are able to ensure that the grant windows for nodes 208that belong to the same gate 202 and/or subnetwork 210 are insequence/continuous order so that the gate 202 is able to combine and/orburst all the virtual node's burst messages (e.g. burst-PHY-Frames)without each having a preamble except for the first one. This providesthe benefit of reducing preamble overhead and increasing the burstbandwidth efficiency (especially for small bursts of GEM-Controlmessages).

In other words, for the data-path, the gates 202 receive burst messages(e.g. burst-PHY-frames) from burst-mode SERDES and far-end nodes 208,extracts the GEMs from the messages in the root reception MAC of thegate 202, stores the GEMs in their associated virtual NODE buffer memoryand waits for the virtual node burst window grant to come in from theroot port 230 for those virtual nodes 208. Then, the gates 202 are ableto map and pack the stored GEMs for that node 208 and other nodes 208back into the burst message format thereby aggregating multiple burstmessages together into one bigger burst message in the node transmissionMAC of the gates 202. Finally, the gates 202 are able to transmit thisbigger burst message to the SERDES and to the root port 230 through thenetwork 206 based on granted burst windows (e.g. the multipleconsecutive virtual node burst windows of that gate 202).

Now looking to the broadcast direction (e.g. from the rootports/switch/core to the nodes/gates), again the gates 202 are able toextend central networks 206 to the subnetworks 210 while beingtransparent to both the root port 230 for their network 206 and thenodes 208 in their subnetwork 210. In order to effectuate this, thegates 202 are able to act like virtual nodes and receive broadcastmessages (e.g. Broadcast-PHY-Frames) from the root ports 230, extractthe GEMs from the messages, drop any GEMs that are not directed to oneof the nodes 208/gates 202′ in their subnetwork 210 (e.g. as indicatedby the message headers and the gate SLA profile database). Otherwise,the gates 202 are able to use store-N-forward and/or cut-through schemesto pack and map the GEMs back into the root port broadcast messagestructure (e.g. Broadcast-PHY-Frame structure) in a root transmissionMAC of the gate 202 and broadcast the new broadcast message to all thenodes 208 and/or gates 202′ in its subnetwork 210.

Data Transmission Operation

In operation, the bus 104 operates using a burst/broadcast communicationscheme wherein all data messages from the nodes 204, 208, 234 (and gates202) are funneled to the core 200 using a burst transmission methodwhere transmission windows that are dynamically adjustable in size (bythe core 200) are granted to the nodes 204, 208, 234 such that they (ora gate 202 on their behalf) are able transmit their data messages as a“burst” within the granted window. If the transmitting node is in asubnetwork 210, the gate 202 (acting as a root port of that network 210)receives the bursted message from the node 208 through the subnetwork210 and then subsequently bursts the message through the central network206 to the core 200 (as if the node 208 was a part of the centralnetwork 206). In doing this burst communication, the gate 202 is able toaggregate burst messages from multiple nodes 208 within the subnetwork210 thereby increasing efficiency and reducing the effects of thesubnetwork's 210 possibly increased latency relative to the centralnetwork 206. Indeed, this is able to be repeated for gates 202′ withinsubnetworks 210 that provide a gate way to sub-subnetworks 210′ and soon to support any number of “chained/gated” networks. Further, the gate202 is able to be transparent to the core 200 and nodes 208 in thisprocess such that messages do not need to be addressed to the gate 202.

The core 200 receives these messages (from one or more root ports 230coupling the core 200 to each of the central networks 206), processesthem (including modifying and/or determining their target destination),and broadcasts them (and any messages originating in the core 200) ontowhichever central transmission network 206 the target node 204, 208, 234(or gate 202 representing the target node 208) for that message islocated. Like the burst communication above, if the target node 208 iswithin the subnetwork 210, the gate 202 bridging to that subnetwork 210is able to receive/intercept the message from the core an rebroadcastthe message to all of the node 208 (and/or gates 202′) on the subnetwork210. Any broadcast messages for target nodes 204 not on the subnetwork210 (or a subnetwork thereof) are able to be discarded by the gate 202in order to increase efficiency. Again, this process is transparent andable to be repeated by gates 202′ within subnetworks 210 and so on forany number of chained networks to broadcast the messages through thenetworks. As a result, all the nodes 204, 208, 234 (and gates 202) oneach of the networks 206 (and subnetworks 210 coupled thereto) receiveall of the messages from the core 200 broadcast on that network 206 andmerely need to look for which messages are directed to them whilediscarding the others.

In more detail, when the nodes 204, 208, 234 receive data from one ormore external devices 102 through one or more of their IO ports 99, theystore the data in a GEM-ID queue buffer memory and burst a reportmessage (e.g. GEM-Report) to the root port 230 of the central network206 that they are in (either directly or through one or more gates 202if they are in a subnetwork 210 of the central network 206) and wait tobe granted a burst window to transmit the input data. As describedabove, the gates 202 are able to collect and aggregate report messagesfrom a plurality of the nodes 208 (and or gates 202′) in theirsubnetwork 210 into a single bigger report message that the gate 202 isable to more efficiently burst to the root port 230 during the burstwindow for those ports 208.

At the same time, the nodes 204, 208, 234 are able to encapsulate theinput data into the GEM format (fragmenting GEMs exceeding a predefinedsize into smaller GEMs), encrypt GEMs with the security key of the node204, 208, 234, update the HARQ table, map and pack the GEMs into a burstformat (e.g. Burst-PHY-Frame format) and perform encoding (e.g. FECRS(255,216) encoding). Subsequently, upon grant and arrival of the burstwindow for each of the nodes, the nodes burst the GEMs including theinput data to the associated root port 230.

The HDBA of the root ports 230 receive all of the report messages fromthe nodes 204, 208 (and/or gates 202) and perform a DBA analysis foreach of the nodes 204, 208 based on the SLA profile database, latencysensitive level, traffic congestion feedback, committed information rate(CIR)/peak information rate (PIR) feedback and/or other factors todetermine grant window burst size and start-time for each of the nodes204, 208. Once the granted burst windows have been determined for one ormore of the nodes 204, 208, the root port 230 broadcasts the windows toeach of the nodes in a broadcast grant message (e.g. GEM-Grant) to allof the nodes 204, 208 in the associated central network 206 and/or anysubnetworks 210 (via the gates 202). As described above, the broadcastmessages from the root ports 230 are the same size, whereas the burstwindows from the nodes 204, 208 to the root ports 230 are able to varyin size as dynamically assigned by the HDBA.

The gates 202, upon receipt of the broadcast grant messages targetingnodes 208 within their subnetwork 210 (or a subnetwork thereof),broadcast new grant messages to all of the nodes 208 with the subnetwork210. Specifically, these new grant messages are able to specifying burstwindows that occur before the time indicated by the original/root portgrant window. This is to ensure the gates 202 to receive (e.g. be“bursted”) the input data/GEMs from the port 208 before theoriginal/root port grant window, thereby giving the gates 202 time toaggregate the data/GEMs from multiple nodes 208 and/or ports 99 intosingle larger messages for burst to the root port 230 when theoriginal/root port grant window arrives. As a result, the gates 202 areable to make up for inefficiencies and/or slower aspects of thesubnetworks 210 such that they do not slow down the efficiency of thecentral transmission networks 206.

Upon receipt of the burst messages including the GEMs (including theinput data from the external devices 102), the root ports 230 are ableto perform decoding (e.g. FEC RS(255,216) decoding) and error correctionon the burst messages to decode and correct any transmission errors. Theroot ports 230 are then able to extract the GEMs from the burst messages(e.g. the transmission frame format), decrypt the extracted GEMs (e.g.with AES-128/256 and a source-node security key), bypass the GEMfragmentation block and pass GEMs to the switch 228. For each of theGEMs, the switch 228 is then able to perform a GEM-Header lookup, parseand classify Ethernet L2/L3 address and headers, process GEM forwardflow-chart and determine GEM forwarding destination info, store the GEMin (cut-through) buffer-memory, and output the GEM to HARQ and to thedestination root port 230 (e.g. the root port 230 whose network 206 orsubnetwork 210 thereof includes the destination node 204, 208) based onthe SLA database QoS output scheduler.

The root ports 230 receive the GEMs, perform GEM encryption (e.g.AES-128/256 encryption) with target node's (or broadcast GEM's) securitykey, pack and map GEMs into a broadcast message structure (e.g.Broadcast-Frame structure), encode the message (e.g. FEC RS(255,216)encoding), and finally broadcast the broadcast messages to all of thenodes 204, 208 in that root port's network 206 and subnetworks 210thereof. If the node 208 is within a subnetwork 210, the gate 202 tothat subnetwork receives the broadcast message and broadcasts themessage to all of the nodes 208 within the subnetwork 210. In someembodiments, the gates 202 filter out any broadcast messages that arenot targeted to nodes 208 within its subnetwork 210 (or a subnetworkthereof) and only broadcasts the broadcast messages that do target oneof those nodes 208. Alternatively, the gates 202 are able to rebroadcastall of the broadcast messages to the nodes 208 within its subnetwork 210without determining if the messages relate to one of those nodes 208.

All the nodes 204, 208 monitor the received broadcast messages,processing those intended for the node 204, 208 and discarding theothers. Specifically, for the non-discarded messages, the nodes 204, 208decode and error correct the messages (e.g. FEC RS(255,216) decoding),extract the GEMs from the broadcast message format (e.g. BC-PHY-Frame),decrypt the extracted GEM (e.g. with AES-128/256 and the destinationnode's security key), decapsulate the data from the GEM format back tooriginal IO-Port data format, and output the data through the designatedIO port 99 to the external device 102. As a result, the bus 104 andsystem 100 provides the benefit of being able to combine multipledifferent networks having varying input data, varying processing speedsand data constraints while still maintaining low latency and highthroughput needed for machine automation systems. This is a uniqueintranet system architecture and specially defined and optimized forsuch machine automation applications.

FIG. 4 illustrates a block diagram of an exemplary computing device 400configured to implement the system 100 according to some embodiments. Inaddition to the features described above, the external devices 102 areable to include some or all of the features of the device 400 describedbelow. In general, a hardware structure suitable for implementing thecomputing device 400 includes a network interface 402, a memory 404, aprocessor 406, I/O device(s) 408 (e.g. reader), a bus 410 and a storagedevice 412. Alternatively, one or more of the illustrated components areable to be removed or substituted for other components well known in theart. The choice of processor is not critical as long as a suitableprocessor with sufficient speed is chosen. The memory 404 is able to beany conventional computer memory known in the art. The storage device412 is able to include a hard drive, CDROM, CDRW, DVD, DVDRW, flashmemory card or any other storage device. The computing device 400 isable to include one or more network interfaces 402. An example of anetwork interface includes a network card connected to an Ethernet orother type of LAN. The I/O device(s) 408 are able to include one or moreof the following: keyboard, mouse, monitor, display, printer, modem,touchscreen, button interface and other devices. The operatingsoftware/applications 430 or function(s)/module(s) thereof are likely tobe stored in the storage device 412 and memory 404 and processed asapplications are typically processed. More or fewer components shown inFIG. 4 are able to be included in the computing device 400. In someembodiments, machine automation system hardware 420 is included.Although the computing device 400 in FIG. 4 includes applications 430and hardware 420 for the system 100, the system 100 is able to beimplemented on a computing device in hardware, firmware, software or anycombination thereof.

FIG. 5 illustrates a method of operating a machine automation system 100including an intelligent controller and sensor intranet bus 104according to some embodiments. As shown in FIG. 5, the nodes 204, 208receive input data from a plurality of the external devices 102 via oneor more ports 99 of the bus 104 at the step 502. The nodes 204, 208burst the input data as burst messages to the core 200 in variable sizeburst windows at the step 504. In some embodiments, for each of thenodes 204, 208, the HDBA of the root ports 230 dynamically adjusts theburst window start time and size of the variable burst window and assignthe adjusted window the corresponding node 204, 208 in a broadcast grantwindow message based on data traffic parameters reported from that oneof the nodes 204, 208. In some embodiments, the gates 202 aggregate twoor more burst messages including input data and/or traffic reportingreceived from the nodes 208 into single larger burst reporting or inputdata message for bursting to the core 200. In such embodiments, thegates 202 are able to omit portions of the received burst messages (e.g.preambles) in order to enhance the efficiency of the bus 104. In someembodiments, upon receiving the broadcast window grant messages from thecore 200, the gates 202 adjust the original time of the burst window toan earlier time and broadcast the adjusted broadcast window grantmessages to the nodes 208. As a result, the nodes 208 burst their datato the gates 202 before the window granted by the root port 230 suchthat the gates 202 are able to combine multiple burst messages togetherand burst them in the later original time window. The core 200 processesand broadcasts the input data as broadcast messages to each of the nodes204, 208 within the central network 206 and subnetworks 210 required toreach the target node 204, 208 of the message at the step 506. Thetarget node 204, 208 converts data of the broadcast message into aformat accepted by the device 102 coupled to the node 204, 208 andoutputs the data to the device 102 at the step 508. As a result, themethod provides the advantage of enabling the bus 104 to maintain highspeed despite the use of lower speed network mediums.

Message Retransmission Mechanism

When a node 204, 208 transmits a Burst-PHY-Frame to a root port 230 ofthe core 200 or vice-versa for a broadcast-PHY-frame (e.g destined forthe core 200 and/or one or more other nodes/devices coupled to the bus104), there is no guarantee every Burst/broadcast-PHY-Frame will bedelivered to the root/nodes successfully. Therefore, the system 100employs a message retransmission mechanism implemented by the nodes 204,208 and the root ports 230 and/or core 200 in order to compensate forerrors in message transmission.

FIG. 18 illustrates a message retransmission mechanism of the bus 104according to some embodiments. As shown in FIG. 18, each of the nodes204, 208 include a node initiator 1802 and a node acknowledger 1804,each of the gates 202 include a gate initiator 1806 and a gateacknowledger 1808 (which are able to implement one or more virtualinitiators/acknowledgers for any virtual nodes implemented by the gate202), and the core 200 includes a core initiator 1810 and a coreacknowledger 1812 that is shared by each of the root ports 230 (which isable to implement virtual initiators/acknowledgers for each node 204,208 coupled with each of the roots 202). In particular, the coreacknowledger 1812 is able to implement a virtual acknowledger for eachof the nodes 204, 208 that is dedicated to acknowledging messagesreceived from those nodes. Similarly, the core initiator 1810 is able toimplement a virtual initiator for each of the nodes 204, 208 that isdedicated to initiating the re-send mechanism for messages (e.g. unicastmessages) sent to those nodes. Additionally, the core initiator 1810 isable to also implement a virtual broadcast initiator for each root port230 that is dedicated to initiating the re-send mechanism for messages(e.g. broadcast messages) broadcast to all the nodes 204, 208 of thatroot port 230. Alternatively, one or more of the root ports 230 are ableto have separate initiators 1810 and/or acknowledgers 1812. Each of thenode, gate and root initiators and/or acknowledgers are able to compriseare have access to one or more processors for executing the mechanismdescribed herein and/or one or more memories (e.g. SRAM) for storing are-send table and local copies of transmitted GEM packets 600.

In node to root transmission operation, as described in the datatransmission operation section above, a root port 230 transmits a grantwindow message (see FIGS. 6D and 6E) to one of the nodes 204, 208(and/or gates 202) identifying a grant window allocated to that node.Subsequently, the node 204, 208 (and/or gate 202) use the grant windowto burst a message to root port 230 of the core (e.g. usingburst-PHY-frames), wherein the message includes one or more GEM packets600. Each packet is able to include a source node identifier 612(including a transmission sequence group identifier), a GEM identifier614, a transmission sequence identifier 618, an acknowledgment request,and/or other data as described above. In particular, the node identifier614 is able to include a portion (e.g two bits) that identify thesequence group of the packet whereas the remaining portion identifiesthe source node. For each of the GEM packets 600 in the burst messagewhere acknowledgment is requested (e.g. as indicated via theacknowledgment request field 620), the node initiator 1802 (and/or gatevirtual initiator 1806) creates a new re-send flow including a localcopy of the packet 600 in the node initiator 1802 local memory as wellas a new entry in a re-send table. This data is able to be used tore-send one or more of the packets if necessary.

The new entry in the re-send table is able to comprise one or more of aport identifier, a node identifier, an epoch identifier, a sequenceidentifier, a sequence group identifier, a GEM packet header, a GEMpointer, a GEM re-send timer, a GEM re-send timeout threshold, a GEMre-send counter and a maximum GEM re-send threshold. The portidentifier, for nodes 204, 208, is able to identify the port 99 of thenode 204, 208, for gates 202, is able to identify the root 230 and thenode identifier, and for the core/root, is able to identify one of theroots 230. The node identifier is able to identify the source node 204,208 that initiated the message. The epoch identifier is able to identifythe GEM-packet (from the port of the source node). The sequence groupidentifier and sequence identifier identify the sequence group to whichthe packet 600 was assigned and the sequence number within that groupthat was assigned to that packet 600. The GEM packet header in able tobe a copy of the header of the GEM packet. The GEM pointer is able topoint to the associated local copy of the packet within the localmemory. The GEM re-send timer is able to count the time that has elapsedsince the packet 600 was transmitted and the GEM re-send timeoutthreshold is able to be a configurable value that indicates what valuethe re-send timer needs to reach to trigger an automatic re-send of thepacket. The GEM re-send counter is able to indicate how many times thepacket 600 has needed to be re-sent and the maximum GEM re-sendthreshold is able to be a configurable value that indicates what valuethe re-send counter needs to reach to prevent further re-sends of thepacket (e.g. by clearing the associated entry and local copy and/orsending an interrupt to the core 200 to identify the transmissionissue). Alternatively, the table is able to include more or less fields.

After transmitting the grant window message, the core acknowledger 1812monitors the grant window for receipt of a burst message from the node204, 208 to which the window was granted. If no message is receivedduring that time, core acknowledger 1812 transmits a missed burstacknowledgment message to the node 204, 208 that indicates that the rootport 230 did not receive a message during the grant window and the rootport 230 re-grants the same grant window to the node 204, 208 during thenext cycle (e.g. via another grant message indicating the same time slotand/or size). In some embodiments, the missed burst acknowledgmentmessage is broadcast to all of the nodes 204, 208 in the network 206,210 of the root port 230. Alternatively, the missed burst acknowledgmentmessage is able to be unicast or multi-cast to one or a subset of thenetwork 206, 210. Upon receiving the missed burst acknowledgment message(and subsequently the grant message), the node initiator 1802 recreatesthe burst message using the re-send table and the stored local copies ofthe GEM packets 600 and retransmits the reproduced burst message to theroot port 230 during the re-granted grant window (optionally at a higherpriority). At the same time, the node initiator 1802 resets the re-sendtimer and increments the re-send counter. However, if incrementing there-send counter would cause the value to be beyond the re-send thresholdvalue, the node initiator 1802 performs an action to diagnose why themessage delivery continues to fail. For example, the initiator 1802 isable to send an interrupt to the core CPU to perform a link diagnosticstest, clear the re-send flow including the stored local copies and/orthe entry, the root port 230 could extend the length of the preamble ofthe burst message and select stronger FEC algorithm for future burstmessages, and/or other diagnostic actions.

When/if the root port 230 receives the burst message, the root port 230un-packs the burst-PHY-frame and parses the received GEM packets 600.For each of the GEM packets 600, the core acknowledger 1812 validatesthe burst message including the packets 600. For example, the coreacknowledger 1812 is able to determine if there are any uncorrectableerrors in any of the packets 600 including if the source of the packet600 cannot be determined due to an error in the header of the GEM packet600. In some embodiments, validating each of the GEM packets 600includes one or more of performing forward error correction (FEC),cyclic redundancy check (CRC) validation, Bose, Ray-Chaudhuri,Hocquenghem (BCH) code validation and/or other types of packet errorcorrection.

If the packet is to be broadcast or multicast (not unicast) and thedestination of the packet is a node 204, 208 in the same network 206,210 as the source node 204, 208 (e.g. coupled with the core 200 via thesame root port 230) and a part of the nodes 204, 208 that will receivethe broadcast or multicast, then acknowledgment is not required forthose packets 600 (even if acknowledgment is requested according to therequest field 620). Instead, after the core 200 processes the packets600 as necessary, the root 230 broadcasts or multicasts the packetswithout any uncorrectable errors (e.g. in a broadcast-PHY-frame) to allor the select subset of the nodes 204, 208 on the network 206, 210. As aresult, when the source node 204, 208 receives the broadcast/multicastmessage including the packets, it identifies itself as the source of thepackets and the node initiator 1802 removes those packets from there-send flow. Any packets that are not included in thebroadcast/multicast message (e.g. due to uncorrectable errors asdescribed above) are automatically re-sent in a subsequent burst messagewhen their associated re-send timers reach the re-send timer thresholdvalue. These re-sent packets 600 are able to be combined with otherpackets 600 in a burst message in order to fill the granted transmissionwindow for the node 204, 208. As a result, the message retransmissionmechanism provides the advantage of reducing network congestion by notrequiring acknowledgment messages when the destination of the packet isa node 204, 208 in the same network 206, 210 as the source node 204,208.

If the destination of the packet is a node 204, 208 that is not in thesame network 206, 210 as the source node 204, 208, then acknowledgmentis required for those packets 600 that requested it according to therequest field 620. The core acknowledger 1812 constructs and transmitsto the source node 204, 208 a received-GEM acknowledgment message(RX-GEM-ACK) that indicates which of the packets 600 are valid and which(if any) of the packets had uncorrectable errors such that they need tobe re-sent. The RX-GEM-ACK is able to include a start of sequenceidentifier, an end of sequence identifier, a sequence group identifier,a source/destination node identifier and/or other fields describedherein.

For example, as shown in FIG. 19, the RX-GEM-ACK is able to comprise aheader type field 1902 (similar to GEM-HD-TYPE 606 as shown in FIGS.6C-F), a control message type 1904 (similar to control message type 654in FIG. 6F), a destination node status 1906 that indicates whether thedestination node is asleep, powered down or awake, a sequence groupidentifier 1908 that identifies the which sequence group the packetsbelong to, a start of sequence identifier 1910 that identifies a firstsequence number (of the group), a source/destination node identifier1912 that identifies the source node or the destination node, a GEMsource/destination identifier 1914 (similar to GEM-PKT-ID 614 of FIG.6B), a GEM-PKT type 1916 (similar to GEM-PKT-TYPE 616 of FIG. 6B), a endof sequence identifier 1918 that identifies a second sequence number (ofthe group), a received acknowledgment request indicator 1920, an HEC1922 (similar to HEC 624 of FIGS. 6B-F), and optionally a bit map 1924.In particular, as generated by the core acknowledger 1812, thesource/destination node identifier 1912 it able to identify thedestination node and the GEM source/destination identifier 1914identifies the GEM destination.

The received acknowledgment request indicator 1920 is able to indicatewhether: the acknowledgment is invalid, the range of sequence numbersfrom the value of start of sequence identifier 1910 to the value of theend of sequence identifier 1918 are all valid, whether just the sequencenumbers of the values of the start and end of sequence identifiers 1910,1918 are valid (but not necessarily those in between), or the bit map1924 is included, wherein each bit of the bit map 1924 represents onesequence identifier and indicates whether the packet assigned to thatidentifier was validated (e.g. received without any uncorrectableerrors). Alternatively, more or less fields are able to be used. In someembodiments, the bit map 1924 includes a bit or unit/portion for eachsequence number in the sequence group. Alternatively, the bit map 1924is able to include less than a bit or unit/portion per sequence number.For example, the bit map 1924 is able to only include enough bits/unitsto identify sequence numbers that are not within the range of sequencenumbers from the value of start of sequence identifier 1910 to the valueof the end of sequence identifier 1918. As a result, the overhead spacerequired to transmit the bit map 1924 is able to be reduced by utilizingthe start/end of sequence identifiers 1910, 1918.

If there were no uncorrectable errors, the RX-GEM-ACK is able toindicate that all the packets identified by the sequence identifiernumbers withing the start of sequence and the end of sequenceidentifiers are valid. If there were one or more packets 600 withuncorrectable errors, the RX-GEM-ACK is able to indicate which of thepackets in the burst message is valid using the bit map including a bitfor each sequence number in the sequence group, where each bitrepresents one of the packets/sequence numbers and indicates whetherthat packet/sequence number was valid or invalid. Alternatively or inaddition, the RX-GEM-ACK is able to identify a range of the sequencenumbers that are all valid or invalid (e.g. using the start of sequenceand end of sequence fields as range markers) such that the bit map isable to exclude that range of sequence numbers of the group (such thatthe bit map and the RX-GEM-ACK is smaller).

When the source node 204, 208 receives the RX-GEM-ACK, the nodeinitiator 1802 identifies which of the packets 600 were validlydelivered and remove their associated re-send flows (e.g. remove there-send table entries and/or local copies). The re-send flows of all theremaining packets (which had uncorrectable errors) remain in the nodeinitiator 1802, which continuously updates their re-send timers and thenre-sends them in a subsequent burst message in a subsequent grant windowafter their re-send timers pass the re-send threshold value (whileupdating their re-send counter value). This process repeats until all ofthe packets are validly transmitted (and thus their flows removed) orthe re-send counter value reaches the re-send threshold value and anaction must be take as described above. Also, as described above, thesere-sent packets 600 are able to be combined with other packets in thesubsequent burst messages in order to efficiently fill the grant window.

If for any reason the source node 204, 208 does not receive a missedburst acknowledgment message, a RX-GEM-ACK and a rebroadcast ormulticast of the burst message (with the source node 204, 208 as thesource), the node initiator 1802 continuously updates the re-send timer(e.g. each cycle) for each of the packets 600 and initiatesre-transmission as if a missed burst acknowledgment message was receivedwhen the timers reach the threshold value. This process continues untilall the packets 600 are validly delivered or the re-send counter valuepasses the re-send threshold and an action is taken as described above.

If the destination of the message is one or more other nodes (or formessages originating within the core 200), the core 200 needs to processand forward the message from one of the root ports 230 to thedestination nodes 204, 208. As described below, this transmission fromthe root port 230 to the nodes 204, 208 implements its own instance ofthe message retransmission mechanism that operates in parallel to themechanism described above.

In this root to node transmission operation, as described in the datatransmission operation section above, the core 200 processes the message(e.g. look-ups, header modification, or other packet processingfunctions), determines the destination node(s) of the message, andpasses the message to the root port 230 coupled with those destinationnode(s). Subsequently, the root port 230 use the next broadcast windowto broadcast, multicast or unicast the message to some or all of thenodes 204, 208 within the network 206, 210 coupled to that root port 230(e.g. using broadcast-PHY-frames), wherein the message includes one ormore GEM packets 600. As described above, each packet is able to includea node identifier field 612 (e.g. destination node(s)), a GEM identifier614, a transmission sequence identifier 618, an acknowledgment request,and/or other data as described above. In particular, the node identifier614 is able to include a portion (e.g two bits) that identify thesequence group of the packet whereas the remaining portion identifiesthe destination node(s).

Like in the node initiator 1802, the core initiator 1810 creates a newre-send flow including a local copy of the packet 600 in the coreinitiator 1802 local memory as well as a new entry in a re-send tablefor each of the GEM packets 600 in the broadcast/multicast/unicastmessage where acknowledgment is requested. As described above, thesere-send flows are able to be used to re-send one or more of the packets600 if necessary. The new entry is able to be the same as the entries ofthe node/gate initiators 1802, 1806 described above, comprising, forexample, one or more of a port identifier, a node identifier, an epochidentifier, a sequence identifier, a sequence group identifier, a GEMpacket header, a GEM pointer, a GEM re-send timer, a GEM re-send timeoutthreshold, a GEM re-send counter and a maximum GEM re-send threshold.

For a unicast message, the re-send flow is able to be operated byvirtual initiator (implemented by the core 200) that is dedicated to thenode 204, 208 that is the destination of the unicast message/packets600. As described above, the core initiator 1810 is able to implement aseparate virtual initiator for each node 204, 208 that handles re-sendflows for packets that are unicast to that node 204, 208. For abroadcast or multicast message, the re-send flow is able to be operatedby a broadcast or multicast specific virtual initiator that correspondsto all the nodes 204, 208 included in the broadcast (e.g. all nodes ofthat network 206, 210) or all the nodes 204, 208 included in themulticast (e.g. a subset of the all the nodes of that network 206, 210).In such embodiments, the root 200 is able to designate one of the nodes204, 208 of that broadcast or multicast group of nodes as theacknowledging node, wherein that node 204, 208 is configured toacknowledge all messages/packets that are broadcast/multicast on thenetwork 206, 210 (even if the message/packets were not intended for thatnode), while the other nodes 204, 208 do not respond (even if themessage/packets were intended for those nodes). As a result, instead ofa plurality of separate virtual initiators for each node creatingre-send flows for each of the packets destined for that node, thebroadcast or multicast specific virtual initiator is able to create asingle re-send flow for the whole broadcast/multicast message that onlycorresponds to the acknowledging node, but is able to represent theentire broadcast/multicast group of nodes 204, 208. Alternatively, thecore 200 is able to designate an acknowledging subset of the nodes 204,208 of the network 206, 210 as the acknowledging nodes, wherein there isa separate broadcast or multicast specific virtual initiator implementedby the core initiator 1810 for each node of the acknowledging subset(which would still be less than a separate one for all of the nodes inthe broadcast/multicast group of nodes).

In some embodiments, the acknowledging node(s) are selected based on theorder in which broadcast messages are received by the nodes 204, 208(e.g. the last node in the order is able to be selected because it isthe most likely to receive errors). Alternatively, the broadcast ormulticast specific virtual initiators are able to be omitted and for the“unicast” virtual initiator of each node 204, 208 is able to create are-send flow if that node is a destination of one or more of the packetsof the broadcast/multicast message. In such embodiments each node 204,208 is able to send acknowledgment messages back to the root port 230(not just a selected one or subset). It should be noted that for thesake of brevity the following discussion describes a single destinationor acknowledging node. However, it is understood that in the case of aplurality of destination or acknowledging nodes each destination oracknowledging node would perform the actions described herein.

Subsequently or concurrently, the root port 230 (as notified by the coreinitiator 1810) is able to transmit a grant window message (see FIGS. 6Dand 6E) to the destination or acknowledging node 204, 208 identifying agrant window allocated to the node(s) for acknowledging receipt of themessage. After the grant window message is transmitted, the coreacknowledger 1812 monitors the grant window for receipt of a burstacknowledge message from the destination or acknowledging node 204, 208.

If it does not receive an acknowledgment message RX-GEM-ACK within there-send timer period, the core initiator 1810 (via the virtual initiatorassociated with the packets whose re-send timer has expired) recreatesthe unicast/broadcast/multicast message using the re-send table and thecopies of the GEM packets 600 and retransmits the reproduced message inthe same manner and to the same nodes 204, 208 as the original messageusing the next broadcast window (optionally at a higher priority). Atthe same time, the core initiator 1810 resets the re-send timer andincrements the re-send counter for each of the packets' re-send flows(e.g. in each unicast virtual initiator of the associated nodes or thebroadcast/multicast virtual initiator). However, if incrementing there-send counter would cause the value to be beyond the re-send thresholdvalue, the core initiator 1810 performs an action to diagnose why themessage delivery continues to fail. For example, the initiator 1810 isable to send an interrupt to the core CPU to perform a link diagnosticstest, clear the re-send flow including the stored local copies and/orthe entry, the root port 230 could extend the length of the preamble ofthe burst message and select stronger FEC algorithm for future burstmessages, and/or other diagnostic actions.

For each of the nodes 204, 208 that receive thebroadcast/multicast/unicast message, but are not the destination nodefor unicast or acknowledging node for multicast/broadcast, the nodes204, 208 may accept the packets if they are intended for the nodes 204,208, but they will not send an acknowledgment to the root port 230(because they are not the destination node or acknowledging node).

For each of the nodes 204, 208 that receive thebroadcast/multicast/unicast message and are the destination node forunicast or acknowledging node for multicast/broadcast, the nodes 204,208 may accept the packets if they are intended for the nodes 204, 208,but even if not, they will send an acknowledgment to the root port 230(because they are the destination node or acknowledging node).Specifically, when/if the destination or acknowledging node 204, 208receives the broadcast/multicast/unicast message, the destination oracknowledging node 204, 208 un-packs the message (e.g.broadcast-PHY-frame) and parses the received GEM packets 600. For eachof the GEM packets 600, the node acknowledger 1802 validates the messageincluding the packets 600. For example, the node acknowledger 1802 isable to determine if there are any uncorrectable errors in any of thepackets 600 including if the source of the packet 600 cannot bedetermined due to an error in the header of the GEM packet 600. In someembodiments, validating each of the GEM packets 600 includes one or moreof performing forward error correction (FEC), cyclic redundancy check(CRC) validation, Bose, Ray-Chaudhuri, Hocquenghem (BCH) code validationand/or other types of packet error correction.

If one or more of the packets 600 requested acknowledgment according tothe request field 620, the node acknowledger 1804 constructs andtransmits to the root port 230 (of that network 206, 210) a received-GEMacknowledgment message (RX-GEM-ACK) that indicates which of theacknowledgment requesting packets 600 are valid and which (if any) ofthe packets had uncorrectable errors such that they need to be re-sent.The RX-GEM-ACK is able to be substantially similar to the RX-GEM-ACKsent by the core acknowledger 1812 described above with respect to FIG.19. However, in some embodiments when generated by the node acknowledger1804, the source/destination node identifier 1912 is able to identifythe source node and the GEM source/destination identifier 1914 is ableto identify the GEM source.

If there were no uncorrectable errors, the RX-GEM-ACK is able toindicate that all the packets identified by the sequence identifiernumbers withing the start of sequence and the end of sequenceidentifiers are valid. Contrarily, if there were one or more packets 600with uncorrectable errors, the RX-GEM-ACK is able to indicate which ofthe packets in the broadcast/multicast/unicast message is valid usingthe bit map including a bit for each sequence number in the sequencegroup, where each bit represents one of the packets/sequence numbers andindicates whether that packet/sequence number was valid or invalid.Alternatively or in addition, the RX-GEM-ACK is able to identify a rangeof the sequence numbers that are all valid or invalid (e.g. using thestart of sequence and end of sequence fields as range markers) such thatthe bit map is able to exclude that range of sequence numbers of thegroup (such that the bit map and the RX-GEM-ACK is smaller).

When the source root port 230 receives the RX-GEM-ACK from thedestination or acknowledging nodes, the corresponding virtual initiatorsof the core initiator 1810 identify which of the packets 600 werevalidly delivered and remove their associated re-send flows (e.g. removethe re-send table entries and/or local copies). The re-send flows of allthe remaining packets (which had uncorrectable errors) remain in thecorresponding virtual initiators, which continuously update theirre-send timers and then re-sends them in a subsequentbroadcast/multicast/unicast message in a subsequent broadcast windowafter their re-send timers pass the re-send threshold value (whileupdating their re-send counter value). These re-sent packets 600 areable to be combined with other packets 600 in the subsequentbroadcast/multicast/unicast message in order to fill the transmissionwindow for the root port 230.

As described above, if for any reason the root port 230 does not receivea RX-GEM-ACK, the corresponding virtual initiators of the core initiator1810 continuously updates the re-send timer (e.g. each cycle) for eachof the packets 600 and initiates re-transmission when the timers reachthe threshold value. This process repeats until all of the packets 600are validly transmitted (and thus their flows removed) or the re-sendcounter value reaches the re-send threshold value and an action must betake as described above. Accordingly, the system 100 provides theadvantage that each message transmission (e.g. node to gate; node toroot; gate to root; root to gate; root to node) within the bus 104 isable to implement its own parallel message retransmission mechanism suchthat together the mechanisms provide the advantage of robust messagedelivery assurance on the bus 104.

Although the description herein focuses on messages directly betweennodes 204, 208 and root ports 230, it is understood that the messagesare able to be forwarded through one or more gates 202 on their waybetween the nodes 204, 208 and the root ports 230. In such embodiments,the gates 202 are able to interact with the nodes 204, 208 in the samemanner as the root ports 230 when receiving messages from ortransmitting messages to the nodes 204, 208. Further, the gates are ableto interact with the root ports 230 in the same manner as the nodes 204,208 when receiving messages from or transmitting messages to the rootports 230. In other words, the gates 202 provide acknowledgments tonodes, receive acknowledgments from root ports 230 and vice versa as themessages are passed from the nodes 204, 208 to the gates 202 to the rootports 230 and back. Thus, the gates 202 provide yet another layer ofmessage retransmission mechanism that ensures that acknowledgmentresponse time is low such that the mechanism does not interfere with thehigh speed communication across the bus 104. Additionally, one or moreof the gates 202 are able to act in the same manner as the nodes 204,208 when acting on behalf of the virtual nodes represented by the gates202, wherein the gates 202 implement virtual gate initiators andacknowledgers for each of the virtual nodes.

Further, it should be noted that where the description refers to thefunctions of the core initiator 1810 and the core acknowledger 1812,these functions are able to be implemented via virtual initiators andacknowledgers operated by the core 200. In particular, each root port230 has a virtual initiator and acknowledger (implemented by the core200) for each node 204, 208 within its network 206, 210 that performsthe claimed functions when the functions relate to messages where thatnode 204, 208 is the source and/or destination. Additionally, the core200 is able to implement an extra virtual initiator for each root port230 that is dedicated to multicast or broadcast messages to multiplenodes 204, 208 within the network of the root port 230.

Also, instead of acknowledging when messages are received without error,the system 100 is able to acknowledge when messages are received witherrors. In such embodiments, the system 100 operates substantiallysimilar to as described herein except that the nodes/root are able toassume that a message has been correctly transmitted and release thestored resend data if no acknowledgment is received within the resendtime period and at the same time are configured to send an acknowledgewhen a message with an uncorrectable error is received (and not when acorrect or correctable message is received).

FIG. 20 illustrates a method of implementing a guaranteed messagedelivery mechanism on a control and sensor bus according to someembodiments. As shown in FIG. 20, one of the root ports 230 transmits awindow grant message to one of the nodes 204, 208 at the step 2002. Theone of the nodes 204, 208 bursts a message (e.g. Burst-PHY-framemessage) to the root port 230 (either destined for the core 200 or oneor more other nodes 204, 208) within the transmission window at the step2004. As described above, such burst messages are able to include aplurality of GEM packets 600, with each packet including destinationinformation 612 and an acknowledgment request indicator 620 among otherdata. The one of the nodes 204, 208 stores a copy of the message withits acknowledgment engine at the step 2006. If the root port 230receives the burst message without any uncorrectable errors (e.g. noerrors in the burst PHY header and/or any errors are correctable usingFEC data), the root port 230 transmits a data-received acknowledgmentmessage to the one of the leaf nodes 204, 208 at the step 2008. As aresult, the one of the nodes 204, 208 is able to remove the local copyof the burst message at the step 2010.

In some embodiments, the root port 230 transmits a missed burst messageto the one of the nodes 204, 208 if the root port 230 does not receivethe data message within the transmission window. Upon receiving themissed burst message, the one of the nodes 204, 208 is able to resendthe burst PHY frame message using the local copy. In some embodiments,if the root port 230 receives the burst PHY frame message withuncorrectable errors in a subset of the GEM packets 600 (e.g. some ofthe GEM packets 600 have errors that cannot be corrected using the FECdata), the root port 230 transmits a data-partially-received message tothe one of the nodes 204, 208. As described above, thisdata-partially-received message is able to include packetmissing/received information that identifies the subset of the packets600 that need to be re-sent. In some embodiments, in response toreceiving the data-partially-received message, the one of the nodes 204,208 removes the packets 600 that are not a part of the subset (e.g. thepackets of the burst message that did not have uncorrectable errors)from the copy based on the missing/received information (as thesepackets 600 no longer need to be transmitted). As described above, theroot port 230 is able to construct one or more of start and end pointersthat indicate consecutive packets that are correctable/correct (oruncorrectable/incorrect) and a bit map where each bit corresponds towhether a packet is ok or needs to be re-sent.

In some embodiments, the one of the nodes 204, 208 re-sends the subset(e.g. the packets that had uncorrectable errors) to the root port 230 ina new burst message (e.g. after the timers associated with each of thesubset expire) in a subsequent transmission window granted to the one ofthe nodes 204, 208. In such embodiments, if there is room in thesubsequent transmission window, the node 204, 208 is able to addadditional data (e.g. new GEM packets 600) to the new burst message inorder to increase the throughput of the bus 104. In some embodiments, ifthe destination of the burst message is a node 204, 208 within the samenetwork 206, 210 (e.g. the broadcast network associated with the rootport 230) as the one of the nodes 204, 208 that sent the burst message,the root port 230 is able to omit sending a data-received messagebecause the broadcast of the burst message is able to act as theacknowledgment. Specifically, when the one of the nodes 204, 208receives the burst message (as broadcast from the root port 230 to allnodes in its broadcast network 206, 210) with itself indicated as thesource, the one of the nodes 204, 208 is able to treat this as receivinga data-received message for that burst message and clear the local copyand associated data.

In some embodiments, the root port 230 passes the burst message toanother of the root ports 230, which forwards/broadcasts the burstmessage from the core 200 to the nodes of the network 206/210 of thatother root port 230. In doing so, the root port 230 is able to store alocal copy of the message (in the same manner as the one of the nodes204, 208 above) that is able to be used to rebroadcast some or all ofthe message if its transmission is not acknowledged by the destinationnode(s) 204, 208. In some embodiments, the for each network 206, 210associated with a root port 230, the core 200 is able to select one or asubset of the nodes 204, 208 as target acknowledgment nodes. As aresult, when a message is broadcast to the nodes 204, 208 of one of thenetworks 206, 210, only the target acknowledgment nodes 204, 208 (notall the nodes in the broadcast or multicast) are configured torespond/acknowledge whether they received the message without anyuncorrectable errors (and/or what packets 600 need to be re-sent).Accordingly, the system 100 provides the advantage of lowering thecost/congestion caused by the mechanism by reducing the number of nodesthat need to transmit data-received acknowledgment messages back to theroot port 230. In some embodiments, the node(s) 204, 208 that arefarthest from the root port 230 (such that they are the last to receiveany broadcast message) are the nodes 204, 208 that are selected.

In some embodiments, the missed burst acknowledgment message orreceived-GEM acknowledgment message are able to be combined as a singlemessage with a subsequent grant message for granting a window forre-transmitting that missed data subset and/or missed whole message. Insome embodiments, the root ports adjust the size of one or moretransmission windows granted to a leaf node for the re-sending of datahaving uncorrectable errors as received by the root ports (in theoriginal message from that leaf node) based on the size of the datahaving the uncorrectable errors.

Multi-Layer Security

FIG. 13 illustrates the bus 104 including a multi-layer securityarchitecture including a component layer, a network layer and a behaviorlayer according to some embodiments. Alternatively, one or more of thelayers are able to be omitted. Thus bus 104 of FIG. 13 is able to besubstantially similar to the bus of FIG. 2 except for the differencesdescribed herein. As shown in FIG. 13, the bus 104 is able to comprise asecurity module 1302, a dedicated security module management centralprocessing unit (CPU) 1304 and one or more behavior monitoring nodes1306. In some embodiments, there is one or more separate behaviormonitoring nodes 1306 in each of the networks 206 and/or subnetworks 210for monitoring the behavior of the nodes 204, 208, 234 of those networks206/210. Alternatively, one or more of the behavior monitoring nodes1306 is able to monitor the behavior of the nodes 204, 208, 234 of aplurality or all of the networks 206 and/or subnetworks 210. In someembodiments, each core 200 includes a separate security module 1302 anddedicated security module management CPU 1304 within the core 200.Alternatively, one or more of the cores 200 are able to not have aseparate security module 1302 and dedicated security module managementCPU 1304 and/or the security module 1302 and the dedicated securitymodule management CPU 1304 are able to be external to the cores 200within the bus 104. In some embodiments, each security module 1302 has aseparate dedicated security module management CPU 1304 that operateswith the security module 1302. Alternatively, one or more of thededicated security module management CPUs 1304 are able to operate witha plurality of different security modules 1302.

The component layer is able to comprise the security module 1302, thededicated security module management CPU 1304 and a debug element 1306.As shown in FIG. 14, the security module 1302 is able to comprise amemory 1402 (e.g. non-volatile memory), a one-time programmable (OTP)memory 1404, a random number generator 1406 (e.g. true random numbergenerator (TRNG)), a key generator 1408 (e.g. hardware cryptographic keygeneration engine), a boot read-only memory (ROM) 1410, a random accessmemory (RAM), one or more CPUs 1414 and a security module interface1416. In some embodiments, the module 1302 is able to include externalmemory via additional memory 1402′ (e.g. additional non-volatile memory)and/or additional RAM 1412′. In such embodiments, the module 1302 isable to access, read, or write to the external memory via the interface1416. The external memory is able to be located in one or more of thecores 200 and/or elsewhere on the bus 104. In some embodiments, only thekey generator 1408 has access to the OTP memory 1404 such that OTPmemory 1404 is insulated from outside access. In some embodiments, oneor more of the elements of the module 1302 are able to be omitted orduplicated and/or different elements are able to be added.

The OTP memory 1402 is memory that cannot be reprogrammed or readwithout damaging the memory such that the memory is only able to beprogrammed a single instance. Within the module 1302, the OTP memory1402 is programmed to store one or more primary seeds and/or a uniqueprimary key (e.g. endorsement primary key), storage key and platform keyderived from one or more of the primary seeds for each core 200 and node204, 208, 234 of the bus 104. These primary seeds and primary keys arenever shared outside the module 1302 and within the module 1302 are ableto be used to derive all other security keys for the nodes/cores towhich they have been assigned/associated (e.g. forming a hierarchicaltree of keys). Specifically, the key generator 1408 is able to accessthe primary keys in order to generate secondary keys for one or more ofthe nodes and/or cores, which are then able to be stored in the memory1402 (and in additional memory 1402′ if memory 1402 is full). In someembodiments, the primary platform key is used to derive one or more ofeach node/core's platform key (for network certificates) and eachnode/core's network encryption keys (e.g. AES encryption) for encryptingmessages on the bus 104. In some embodiments, the network encryptionkeys are able to begin in each core 200 (and distributed to nodescoupled with that core). Theses keys are able to be changed during aftera core's 200 reboot. Further, during core 200 operation, the core 200and/or system 100 is able to change the network encryption keys anddistribute the new keys to the nodes (optionally excluding nodes thatexhibit suspicious behavior as indicated by the behavior moduledescribed below). In some embodiments, the network encryption keys arein an ephemeral key hierarchy in the module 1302. In some embodiments,the primary storage key is able to be used to derive one or more of eachnode/core's memory 1402, 1402′ encryption keys and each node/core's filesystem encryption keys. In some embodiments, the primarybirth/endorsement key is able to be used to derive one or more of eachnode/core's identity key for use in identification/authenticationprocesses.

For example, a root security key (RSK) of a node/core is able to be anRSA key generated for the node/core (e.g. by the key generator 1408)based on one or more of the primary keys (e.g birth keys) for thatnode/core; a storage key (SK) for the node/core is able to be an RSA keygenerated for the node/core (e.g. by the key generator 1408) based onthe RSK of the node/core; the sign key (SignK) used for digitallysigning messages of the node/core is able to be an RSA key generated forthe node/core (e.g. by the key generator 1408) based on the SK of thenode/core; the root network key (RNK) of the node/core is able to be anRSA key generated for the node/core (e.g. by the key generator 1408)based on the RSK of the node/core; and the network AES key (NAK) usedfor encrypting/decrypting messages for the node/core is able to betransported to the node/core along with the RNK. Alternatively, othertypes of secondary keys are able to be used and/or derived from theprimary keys. Each of the secondary keys for each node/core are able tostored in the memory 1402, 1402′ of the module 1302 in encrypted formsalong with their hierarchical relationship to each other and/or theirprimary key(s). One or more of these keys of each node/core (except forthe primary seeds and/or primary keys) are able to be reset, reassignedand/or recalculated by the dedicated security module 1302 periodicallyand/or in response to a current status (e.g. a detected behavior statusdetermined by the behavior layer as described below). In someembodiments, one or more of the primary and secondary keys are only ableto be used inside the security module 1302. In some embodiments, theencrypted keys are able to be loaded into the module 1302, decrypted andsaved for later use.

Additionally, the primary and/or secondary keys are able to be used toprovide certificates to each of the nodes and/or cores. In particular,each core is able to be provided with a certificate authority (e.g.saved in the memory 1402, 1402′) for use in verification/authenticationof valid cores that the node can connect to (see the two-wayauthentication process below). Similarly, each node is able to beprovided a network certificate and a birth certificate (e.g. saved inthe memory 1402, 1402′) for use in joining one of the networks 206, 210of the bus 104 and in proving the node's identity on the bus 104,respectively. Also, an original software certificate authority is ableto be stored in the OTP memory 1404. This certificate authority'sauthorization code and its complete self is able to be provided (e.g.along with the seeds) by the original owner of the system 100 and isable to be used to authenticate software that can be loaded and used onthe bus 104 (see trust boot process below).

The random number generator 1406 is able to generate random numbersand/or strings that are able to be used by the key generator 1408 alongwith the primary seeds and/or keys to generate the secondary keys of thekey tree for each node 204, 208, 234 and/or core 200. In someembodiments, the key generator 1408 is also able to generateauthentication codes for messages for enabling the secure communicationwithin the networks 206, 210 and/or is able to be used to generate hashbased keys for the nodes and/or cores. The security module interface1416 is able to provide an interface for communicating with thededicated security module management CPU 1304 for receiving andresponding to system 100 requests.

In some embodiments, the module 1302 includes a reset function that isable to reset the settings of the security module such that all of thememory 1402, 1402′ is deleted thereby removing all the security keysstored there. However, even during a reset, the data stored in the OTPmemory 1404 (e.g. primary seeds/keys) is not affected. In someembodiments, the reset function 1416 is not able to be activatedremotely such that a physical presence of an administrator is requiredto reset the security module 1302.

The dedicated security module management CPU 1304 is able to be isolatedfrom all other CPU subsystems within the network 100 and is dedicated tooperating with the security module 1302. As a result, the dedicatedsecurity module management CPU 1304 provides the only access to thesecurity module 1302 within the system 100. In order for any of theoperating elements of the bus 102 to access the security module 1302they must interface with the security module management CPU 1304 whichthen communicates with the module 1302 in order to retrieve the desireddata.

The component layer is also able to implement a cascade supervisorinfrastructure and a trust boot process. Specifically, FIG. 15illustrates the bus 104 comprising a plurality of subsystems dividedinto a plurality of cascade supervisor levels according to someembodiments. As shown in FIG. 15, a highest level is able to include oneor more of the dedicated security module management CPU 1304, thesecurity module 1302, one or more controllers (e.g. microcontrollerunits (MCU)) 1502 for executing real-time control over devices 102 andone or more converters 1504 (e.g. analog to digital converter (ADC),digital to analog converter (DAC)). In some embodiments, the controllerunits 1502 are able to incorporate one or more computer systemapplications or user applications. A second level is able to include oneor more network engines 1506. In some embodiments, one or moreadditional levels are able to be added. Each component of each level isprovided access to lower layer resources/services, but each lower layercomponent is not able to direct access/use to upper levelresources/services. Instead, if an upper layer resource/service isrequired, the lower level component is able to send an request (e.g.interrupt signal) to the higher level component for the desiredresources/services. As a result, the upper level components are able toenforce security protocols on the lower level components by enforcingthese protocols in granting, performing or denying the lower levelcomponent requests. At the same time, only the dedicated security modulemanagement CPU 1304 has access to the security module 1302 (whereencryption keys and certificates are stored). Alternatively, more orless levels and/or components are able to be used.

The trust boot process is a secure boot process wherein each bootedprogram (e.g. boot loaders of nodes or other elements of the system 100and/or operating system images of management CPU 1304, controllers 1502,drivers, user applications and/or other programs) is authenticatedbefore booting the next level of the system such that programs that areunable to be authenticated are prevented from operating untilauthentication is able to be established. Specifically, the memory 1402of the security module 1302 is able to store a measurement set (e.g.hash or other measurement metric) for each program to be booted on thesystem 100 (e.g. each image and/or boot loader of the program) and anoriginal certificate authority that is able to verify the certificatesof the booted programs. The original certificate authority (e.g. asprovided by the original owner) is able to be stored in the OTP memory1404 during manufacture or startup of the bus 104. The measurement setfor each program is able to include: a golden set of measurements (e.g.factory/initial settings); a last set of measurements recorded from themost recent boot attempt; and a current set of measurements recordedfrom the booting of the program as it is currently running on the system100. Further, each time a program is updated, rather than overwritingthe existing entry of measurements, a new entry of golden, last andcurrent sets of measurements is able to be stored (such that the systemis able to return to previous measurements sets if they wish to revertback from a subsequent update). In some embodiments, each booted programcomprises a certificate (e.g. manufacturer's certificate), the bootprogram itself, and a measurement of the boot program (e.g. signed codehash). As described below, each boot program's certificate andmeasurements need to be verified before the program is able to beexecuted/booted.

In operation, while halting the booting of all other programs, thesystem 100 first uses the certificate authority stored in the OTP memory1404 to determine if the bootloader certificate of the bootloadersoftware of the dedicated security module management CPU 1304 isauthentic. For example, the certificate is able to be the signature of akey that is able to be decrypted using a key verifiable by thecertificate authority. If it is not authentic, the boot is aborted andcorrective action is taken (e.g. using a previous stored version,issuing an administrative alert, etc.). If it is authentic, the systemmeasures the boot software image of the dedicated security modulemanagement CPU 1304, store the results as the last measurement set forthe associated entry in the security module 1302 and compares theresults with the stored golden measurement set for that entry. If themeasurements match (or substantially match within a defined range ofinconsistency), the system boots the security module management CPU 1304and records the results as the current measurements for the associatedentry. The system then is able to repeat this pattern for booting eachsubsequent program (while halting the booting of other programs) and inthe same manner measure the program, store the results, compare themwith the stored golden measurement set and boot the program if theresults match (or substantially match within a defined range ofinconsistency). If the measurement results of any of the programs do notmatch (or substantially match within a defined range of inconsistency),the measurement is able to be recalculated and/or the booting of thoseprograms is able to be halted and/or skipped until an administratorapproves the inconsistencies or approves boot from a previous storedentry (e.g. a previous version).

In some embodiments, if subsequent user's want to add additionalsoftware that does not have a certificate from the original certificateauthority, there can be multiple stages of bootloaders that each use asubsequent certificate authority (granted by the previous certificateauthority) in order to authenticate the certificate of their bootsoftware. Specifically, in such multi-stage boot processes, after thestage 1 bootloader software certificate and software measurements (e.g.hash) are authenticated as described above, the stage 1 bootloadersoftware is executed and the stage 1 certificate authority (e.g.provided by the original bus 104 owner and stored in the OTP memory1404) generates a new certificate authority and loads it into the RAM1412, 1412′ of the security module 1302. This new certificate authorityis signed by the original certificate authority and issues a stage 2bootloader software certificate. This stage 2 bootloader softwarecertificate is able to be used along with the stage 2 bootloadersoftware so it can be authenticated by the security module 1302 (usingthe new certificate authority instead of the original certificateauthority) in the same manner that the stage 1 bootloader softwarecertificate was verified as described above.

If the stage 2 bootloader software certificate is authenticated, thensoftware measurements (e.g. hash) are taken of the stage 2 bootloadersoftware to determine if they substantially match with the goldenmeasurements for stage 2 (or if this is the first time, the measurementsare stored as the golden measurements). If the measurementssubstantially match, the stage 2 bootloader software is executed. If anyof the authentications fail, then the booting of that bootloadersoftware is able to be aborted or retried. This pattern is then able tocontinue for any subsequent stages with, the previous stage generatingthe new certificate authority and software certificate for eachsubsequent stage in the chain. As a result, the system is able to ensurethat each program running on the bus 104 is authenticated.

The debug element 1306 is able to be implemented via one or more debugaccess ports (e.g. joint test action group (JTAG) ports) and/or remotelyvia the network 210 along with a debug control interface (IF) and adebug controller. The debugging element requires authentication beforeit enables access to the bus 102. Specifically, the debug elementrequires a debug certificate issued by a network component (e.g. a nodemanufacturer is required to enable debug control interface (IF) insidethe SoC (e.g. core 200)). Regarding the debugging of the security module1302, the debug control IF is able to be enabled via the dedicatedsecurity module management CPU 1304 and is able to only be valid for apredetermined time period and/or other specific preprogrammed states. Insome embodiments, the debug element 1306 is disabled at runtime (e.g. toprevent runtime hacking).

As a result, the component layer provides the advantage of preventingunknown or unauthorized components from communicating or otherwisedisrupting operation of the bus 104 including preventing both physicaland software corruption attempts. Additionally, the component layer isable to stop power rail attacks by screening power consumption frombeing used to deceive security keys.

The network layer comprises the implementation of a two-way node/coreauthentication and/or a message encryption protocol. The two-waynode/core authentication is able to be implemented on the bus 104 eachtime a node 204, 208, 234 joins the bus 104 (e.g. a device 102 couplesto the node 204, 208, 234), periodically thereafter, upon demand, and/orin response to a behavior pattern detected by the behavior layer. Beforethe process begins, the new node's identifier (e.g. networkingcertificate) is stored in a database of the memory of the core(s) 200 towhich the node 204, 208, 234 wishes to communicate and the identifier(s)and/or certificate(s) (e.g. certificate authority) of those core(s) 200are stored on the node 204, 208, 234. After the node/core areauthenticated, the certificate of the core(s) 200 are stored on the node204, 208, 234 for future communications/authentication. Thesecertificates are able to be core/node manufacturer certificates that areprovided to the security module 1302, which is then able to provide them(or a derivative thereof using one or more of the primary seeds and/orkeys of the core/node) to the core/node. Specifically, each core 200 isable to store the identifiers and/or certificates of all the nodes 204,208, 234 within networks 206, 210 to which the core 200 belongs and eachnode 204, 208, 234 is able to store the identifiers and/or certificatesof all the cores 200 within networks 206, 210 to which the node 204,208, 234 belongs.

FIG. 16 illustrates a method of implementing the two-way node/coreauthentication protocol according to some embodiments. As shown in FIG.16, the node 204, 208, 234 requests to join (or reestablish)communication with a core 200 under a policy (e.g. public, private orother) by transmitting a request message including the identifier of thenode 204, 208, 234 to the core 200 at the step 1602. The policy is ableto define a privilege level to be afforded to the node 204, 208, 234and/or a level of encryption required for communications by the node204, 208, 234. The core 200 verifies the identity of the node 204, 208,234 by comparing the received identifier with the stored identifiers inthe identifier database of the core 200 at the step 1604. If theidentifier of the node 204, 208, 234 is verified, the core 200 transmitsa certificate request message to the node 204, 208, 234 at the step1606. The node 204, 208, 234 transmits the node certificate to the core200 at the step 1608. In some embodiments, the node 204, 208, 234selects which of the stored certificates to transmit based on the policyrequested in the request message of step 1602.

The core 200 verifies the node certificate by comparing the receivedcertificate with the stored certificates for that node in thecertificate database of the core 200 (and the node being able to proveits ownership of the certificate) at the step 1610. If the certificateof the node 204, 208, 234 is verified, the core 200 transmits a corecertificate to the node 204, 208, 234 at the step 1612. In someembodiments, the core 200 selects which of the stored certificates totransmit based on the policy requested in the request message of step1602. The node 204, 208, 234 verifies the core certificate by comparingthe received certificate with the stored core certificates for that core200 in the certificate database of the node 204, 208, 234 (and the corebeing able to prove its ownership of the certificate) at the step 1614.If the certificate of the core 200 is verified, the node 204, 208, 234transmits message encryption key request message to the core 200 at thestep 1616. In some embodiments, the certificate request messages andverification thereof is based on the policy such that different policiesare associated with different certificates and authentication thereofrequires that the certificate associated with the correct policy besubmitted.

The core 200 generates a new encryption key or retrieves an encryptionkey (e.g. NAK) stored the security module 1302 (e.g. via a request tothe security module management CPU 1304) at the step 1618. The core 200transmits the encryption key to the node 204, 208, 234 at the step 1620.The node 204, 208, 234 receives and stores the encryption key andtransmits the encryption key to the security module 1302 at the step1622. In some embodiments, the core 200 encrypts the encryption keybefore transmitting it to the node 204, 208, 234 (via the securitymodule management CPU 1304) using the root network keys (RNK) of thecore 200 and the node 204, 208, 234 so that it cannot be read by theother nodes during transport. The node 204, 208, 234 sends anacknowledgment of receiving the encryption key to the core 200 at thestep 1624. As a result, the system 100 enables each core/node pair toestablish (and reestablish) an encryption key (either only used by thatpair or shared by a set of one or more of the nodes and/or cores) forencrypting/decrypting communication between the core 200 and the node204, 208, 234 on the bus 104.

Before this authentication process, new nodes 204, 208, 234 joining thebus 104 are able to listen to broadcast messages from the core 200, butare restricted from transmitting/bursting messages onto the bus 104until they are authenticated. When listening, the new nodes 204, 208,234 will be unable to decrypt secure policy (SP) messages that areencrypted (e.g. via AES), but are able to understand public policy (PP)message that are unencrypted. Additionally, the authentication processdescribed above is able to require system administrator privileges toexecute.

The message encryption protocol causes the nodes 204, 208, 234 and/orcores 200 of the system 100 to encrypt all communications through thebus 104 (if subject to a secure policy) using an encryption key (e.g.AES key) assigned to the node 204, 208, 234 and/or core 200 by themanagement CPU 1304 and/or security module 1302 during the two-wayauthentication process. Alternatively, if the communications are notsensitive, they are subject to a public policy where the encryption isable to be omitted. The encryption keys used for encrypting messages areable to be unique to each node/core pair communicating such thatdifferent node/core pairs are able to use different encryption keys forencrypting their communications. Thus, a core 200 is able to storemultiple encryption keys each associated with one or more differentnodes 204, 208, 234 and used to encrypt/decrypt the messages from thoseone or more nodes 204, 208, 234. Similarly, a node 204, 208, 234 is ableto store multiple encryption keys each associated with one or moredifferent cores 200 and used to encrypt/decrypt the messages from thoseone or more cores 200. As a result, even if a decryption key iscompromised, the intruder is only able to decrypt messages from thenodes 204, 208, 234 and/or cores 200 using that key and not the messagesencrypted using other keys. Thus, the network layer of the system 100provides the benefit of enabling a separate key is to be used for eachnode/core communication combination and/or for encryption keys to beshared by some or all of the node/cores such that the level of securityof the system 100 is customized. Further, the network layer provides theadvantage of two-way authentication ensuring that both nodes and coresare authenticated before joining the network and that subsequentcommunications are encrypted from unwanted listening.

The behavior layer includes one or more behavior monitoring nodes (orcores) 1308 that are able to monitor the behavior of the nodes 204, 208,234 and/or cores 200 within the bus 104 (or a subset thereof) in orderto detect and/or respond to anomalous behavior. In some embodiments, themonitoring nodes 1308 are located within one or more of the nodes 204,208, 234 and/or the cores 200. Alternatively or in addition, themonitoring nodes 1308 are able to be separate from the nodes 204, 208,234 and/or the cores 200.

In operation, the monitoring nodes 1308 monitor and store the behaviorof one or more of the nodes 204, 208, 234 (and thus the devices 102coupled to them) and/or cores 200 within the bus 104. The monitoringnodes 1308 then compare periods of this monitored behavior to a set ofstored behavior parameters or patterns to determine if the period ofmonitored behavior is within the acceptable values of the behaviorparameters (for that node/core). If the monitored behavior is not withinthe acceptable values of the behavior parameters, the monitoring node1308 is able to take one or more security actions with respect to thenode/core. These actions are able to include sending a warning or errormessage indicating the detected behavior, suspending operation of thenode/core, requiring the node/core to re-authenticate with the system(e.g. via the authentication process of FIG. 16), changing theencryption keys used by all the other nodes/cores (such that the“misbehaving” node/core can no longer encrypt/decrypt messages on thesystem) and suspend operation of the all or portions of the bus 104,devices 102 and/or system. The monitoring node 1308 is able to include atable that associates one or more of the actions with the nodes/coresand their behavior parameters such that the action taken by themonitoring nodes 1308 is able to be based on how the monitored behaviordeviates from the behavior parameters as indicated by the table. In someembodiments, one or more of the actions are only taken if apredetermined number or percentage of the monitoring nodes 1308 allindicate that the behavior of the subject node/core (as separatelymonitored by those individual monitoring nodes 1308) is outside thebehavior parameters for that node/core.

The monitored behavior is able to comprise message frequency, messagetype, power usage, message destinations, message times, message size,congestion levels and/or other characteristics of behavior of nodesand/or cores described herein. Correspondingly, the stored behaviorparameters are able to comprise values, ranges, thresholds, ratios orother metrics of one or more of the monitored behavior characteristicsand/or combinations thereof. The stored behavior parameters are able tobe preprogrammed for each monitoring node 1308 (or shared by a pluralityof monitoring nodes 1308) such that each type of the nodes 204, 208, 234and/or cores 200 that it monitors has an associated set of behaviorparameters. Alternatively or in addition, one or more of the monitoringnodes 1308 is able to include an artificial intelligence orself-learning function where the nodes 1308 generate and/or adjust thebehavior parameters for each type of the nodes 204, 208, 234 and/orcores 200 that it monitors based on its behavior. For example, a defaultbehavior parameter is able to be preprogrammed and then adjustedperiodically based on the monitored behavior during that period.

As a result, the behavior layer provides the advantage of detecting whennodes and/or cores are hacked due to key/certificate leaks (e.g. illegalsoftware running on them using a legal certificate) as well as errors orother malfunctions causing misbehavior.

FIG. 17 illustrates a method of operating the intelligent controller andsensor intranet bus according to some embodiments. As shown in FIG. 17,the bus 104 performs a trust boot process comprising for each of thesubsystems of the bus 104: measuring a current boot image of thesubsystem and refraining from booting the subsystem unless themeasurements of the current boot image matches the measurements of theboot image of the subsystem stored in the security module at the step1702. The nodes 204, 208, 234 and the core 200 perform a two-wayauthentication process by verifying the identity of the core 200 withthe one of the nodes 204, 208, 234 based on a derivative of one or moreof the primary seeds and/or keys of the core 200 and verifying theidentity of the one of the devices 102 coupled to the one of the nodes204, 208, 234 with the core 200 based on a derivative of one or more ofthe primary seeds and/or keys of the one of the nodes 204, 208, 234 atthe step 1704. The behavior monitoring nodes 1308 stores sets ofbehavior parameters and actions that correspond to a group of one ormore of the nodes 204, 208, 234 and the core 200 and for each one of thegroup: monitors and records the behavior of the one of the group;compares the monitored behavior to the behavior parameters of one of thesets of behavior parameters and actions that corresponds to the one ofthe group; and if the monitored behavior does not satisfy the behaviorparameters, performs one or more of the actions of the one of the setsof behavior parameters and actions at the step 1706. As a result, themethod provides the benefit of ensuring security of the system 100 oncomponent, network and behavior levels.

In some embodiments, after enabling the one of the devices 102 tocommunicate messages, the node/core periodically re-perform the two-wayauthentication process and disabling the operation of the one of thedevices 102 on the bus 104 if the two-way authentication process fails.In some embodiments, if the two-way authentication process issuccessful, the core 200 determines an encryption key for the one of thedevices 102 and the one of the nodes and the core and node/deviceencrypt and decrypt messages using the encryption key. In someembodiments, each time the periodical re-performance of the two-wayauthentication process is successful, the core 200 determines a newencryption key for the one of the devices/node and encrypts and decryptsmessages using the new encryption key.

Device Modules

In some embodiments, the devices 102 are able to be device modules. FIG.9 illustrates a smart compliant actuator (SCA) and sensor module 900according to some embodiments. The SCA and sensor module 900 is able tobe one or more of the devices 102 of the machine automation system 100described herein. In some embodiments, the smart compliant actuator(SCA) and sensor module 900 allows deviations from its own equilibriumposition, depending on the applied external force, wherein theequilibrium position of the compliant actuator is defined as theposition of the actuator where the actuator generates zero force or zerotorque. As shown in FIG. 9, the SCA and sensor module is able tocomprise one or more motors 902, one or more sensors 904 and/or acontrol board 906 (for controlling the motors 902 and/or sensors 904)coupled together via a device network 908. In particular this type ofmodule 900 is able to perform high-bandwidth and/or low-latency requiredmachine automation tasks (e.g. coupled with one or more controllerdevices 102 via the bus 104). The motors 902 are able to includeactuator motors to control the actuation of the module 900 (e.g.movement of a robot arm) and the sensors 904 are able to include imageand/or magnetic sensors to input image data and/or detect the positionof the module 900 (e.g. a current position of the robot arm, a positionof the image sensor, sensed images from the front of a self-driving car,or other sensed data).

FIGS. 10A-C illustrate variants of the control board 906, 906′, 906″according to some embodiments. As shown in FIG. 10A, the control board906 for a multi-connection mode module 900 is able to comprise a nodesystem on chip (SoC) 1002, a transimpedance amplifier (TIA) and/or laserdriver (LD) 1004, a bidirectional optical subassembly (BOSA) 1006, apower regulator 1008, a motor driver 1010, a compliant actuator motorand power control connector 1012, a motor control signal transceiver1014, one or more sensors 1016, a optical splitter 1018, an input powerconnector 1020, one or more output power connectors 1022, a first fiberoptic connector 1024 and one or more second fiber optic connectors 1026all operatively coupled together. In particular, the BOSA 1006, splitter1018 and fiber optic connectors 1024, 1026 are coupled together viafiber optic cable. Alternatively, one or more of the above elements areable to be omitted, their quantity increased or decreased and/or otherelements are able to be added.

The control board 906 is able to be a flexible printed circuit board.The BOSA 1006 is able to comprise a transmitter optical sub-assembly(TOSA), a receiver optical sub-assembly (ROSA) and a wave divisionmultiplexing (WDM) filter so that it can use bidirectional technology tosupport two wavelengths on each fiber. In some embodiments, the BOSA1006 is a hybrid silicon photonics BOSA. The motor driver 1010 is ableto be a pre-driver, gate driver or other type of driver. The compliantactuator motor and power control connector 1012 is able to transmitcontrol and/or power signals to the motors 902. The motor control signaltransceiver 1014 is able to receive motor control signals and/ortransmit motor, sensor and/or other data to one or more controllerdevices 102 via the bus 104. The sensors 1016 are able to comprisemagnetic sensors and/or other types of sensors. For example, the sensors1016 are able to sense a position and/or orientation of the module 900and provide the positional data as feedback to the SoC 1002 and/or acontroller device 102 coupled with the module 900 via the bus 104. Theoptical splitter 1018 is able to be built-in to the control board 906.The input power connector 1020 receives power for the control board 906.The output power connectors 1022 are configured to supply, transferand/or forward power to one or more other boards/modules 900.

The first fiber optic connector 1024 is coupled with the fiber opticsplitter 1018 which splits the cable into two or more cables. One cablecouples with the BOSA 1006 for transmitting signals to and from theother elements of the board 906 and the remainder each couple with adifferent one of the one or more second fiber optic connectors 1026. Thefirst fiber optic connector 1024 and/or second fiber optic connectors1026 are able to be a pigtail fiber optic connection points and/orconnectors 1024. Specifically, the pigtail fiber optical connectionpoint and/or connector is able to comprise a single, short, usuallytight-buffered, optical fiber that has an optical connectorpre-installed on one end and a length of exposed fiber at the other end.The end of the pigtail is able to be stripped and fusion spliced to asingle fiber of a multi-fiber trunk. Alternatively, other types ofoptical connection points and/or connectors 1024 are able to be used.

In operation within the control boards 906, 906′, 906″, the motor driver1010 is able to receive pulse width modulated (PWM) control signalsgenerated by the SoC 1002 (and/or the controller devices 102 via the SoC1002) for controlling the torque, speed and/or other operations of themotors 902 of the SCA module 900 (via the compliant actuator motor andpower control connector 1012). Additionally, the sensors 1016, thesensors 904 and/or the driver 1010 are able to provide motor and/orsensor status feedback to the SoC 1002 such that the SoC 1002 (and/orthe controller devices 102 via the SoC 1002) are able to adjust thecontrol signals based on the feedback in order to control the operationof the motors 902 and/or sensors 904. For example, the driver 1010 isable to provide motor current sensor feedback comprising phase-A currentvalues, phase-B current values and phase-C current values, wherein aninternal analog to digital converter (ADC) of the SoC 1002 converts thevalues to digital values and the SoC 1002 (and/or the controller devices102 via the SoC 1002) adjusts the PWM control signals transmitted to thedriver 1010 based on the motor current sensor feedback received from thedriver 1010 thereby adjusting the speed, torque and/or othercharacteristics of the motors 902.

In operation within the system 100, the first fiber optic connector 1024enables the board/module 900 to couple to the bus 104 via an opticalfiber cable, while the splitter 1018 and the second fiber opticconnectors 1026 enable the board/module 900 to couple to one or moreadditional boards/modules 900 via additional optical fiber cable (e.g.for receiving control signals from and/or sending data signals to one ormore controller devices 102 coupled to other ports 99 of the bus 104. Asa result, as shown in FIG. 11A, the boards/modules 900 are able tocouple to ports 99 of the bus 104 as a serial cascade wherein only asingle port 99 is able to couple to a plurality of boards/modules 900.Specifically, as shown in FIG. 11A, one board 906 is optically coupledto the port 99 from the first fiber optic connector 1024 (via a fiberoptic cable) and each subsequent board 906 has its first fiber opticconnector 1024 coupled to the second fiber optic connector 1026 ofanother one of the boards 906 (all via fiber optic cables). Indeed, asshown in FIG. 11A, if the boards 906 include a plurality of second fiberoptic connectors 1026, the cascade is able to branch into a treestructure where single boards/modules 900 are optically coupled to aplurality of other boards/modules 900. At the same time, theboards/modules 900 are able to share power in the same manner in whichthey are optically coupled via the input power connector 1020 of one ormore of the module 900 receiving power from a power source and one ormore of the other modules 900 receiving power by coupling their inputpower connector 1020 to the output power connector 1022 of another oneof the modules 900.

Alternatively, as shown in FIG. 11B, the control board 906′ for asingle-connection mode module 900 is able to not include the one or moresecond fiber optic connectors 1026 and/or the one or more output powerconnectors 1022. In some embodiments, as shown in FIG. 10C, the controlboard 906″ for a single-connection mode image sensor module 900 is ableto further comprise one or more compliant actuator motors 1028 alongwith one or more image or other types of sensors 1030 (e.g. cameras,LIDAR, magnetic, ultrasound, infrared, radio frequency). In suchembodiments, the motors 1028 are able to control the movement of thesensors 1030 while the sensors 1016 detect the position and/ororientation of the motors 1028 and/or sensors 1030. Alternatively, thecontrol board 906″ is able to be a multi-connection mode image sensormodule 900 further comprising the one or more second fiber opticconnectors 1026 and/or the one or more output power connectors 1022.

As shown in FIG. 11A, these single-connection mode modules 900 and/orboards 906′ and 906″ are able to couple to the cascades or trees formedby the multi-connection mode modules 900 and/or couple in parallel tothe bus 104. Additionally, as shown in FIG. 11B, the system 100 is ableto comprise one or more external optical splitters 1102, wherein one ormore of the boards/modules 906, 906′, 906″ configured into serialcascades, trees and/or in parallel are able to be further parallelizedand/or serialized in the coupling to the bus 104 using the externaloptical splitter 1102. For example, as shown in FIG. 11B, an opticalsplitter 1102 is used to coupled to a single port 99, the output of acascade of modules 900, one or more individual modules 900 and anothersplitter 1102. Although as shown in FIG. 11B, the splitters 1102 are 1to 4 splitters, they are able to be any ratio 1 to N as desired. Alsoalthough as shown in FIGS. 11A and 11B, only the modules 906, 906′, 906″are shown as being coupled to the bus 104, it is understood that anycombination of other devices 102 are also able to be coupled to the bus104 along with the modules. For example, one or more controller devices102 are able to be coupled to the bus 104 for receiving data and issuingcommands to the modules.

As a result, the modules 900 provide the benefit of enabling super highthroughput and data bandwidth and can support up to 10× to 100× ofbandwidth and long distance compared to other modules. In particular,the ability to utilize optical communication along with serial cascadingcoupling allows the modules 900 to provide fast data transmission speedand super low latency without being disrupted by electromagneticinterference (EMI). Further, the modules 900 are particularly advantagesin the field of robotics, industrial automation and self-drivingvehicles due to its ability to handle their high bandwidth and lowlatency demands for sensor data.

FIG. 12 illustrates a method of operating a controller and sensor busincluding a plurality of ports for coupling with a plurality of externalmachine automation devices of a machine automation system according tosome embodiments. As shown in FIG. 12, one or more controller devices102 are coupled to one or more of the ports 99 of the bus 104 at thestep 1202. The first fiber optic connector 1024 of one or more SCA andsensor modules 900 are coupled with one or more of the ports 99 at thestep 1204. Messages are relayed between the controllers 104 and the SCAand sensor modules 900 through the bus 104 via the one or more centraltransmission networks 206 at the step 1206. The control boards 906adjust operation of the SCA and sensor modules 900 based on the messagesreceived from the controller devices 102 at the step 1208. In someembodiments, each of the SCA and sensor modules 900 is directly coupledin parallel to one of the ports 99 via the fiber optic cable. In someembodiments, coupling the SCA and sensor modules 900 includes couplingthe SCA and sensor modules 900 in parallel to an optical splitter 1102and coupling the optical splitter 1102 to the ports 99 via the fiberoptic cable. In some embodiments, coupling the SCA and sensor modules900 includes coupling the first fiber optic connector 1024 of a first ofthe SCA and sensor modules 900 to one of the ports 99 via the fiberoptic cable and coupling the second fiber optic connector 1026 of thefirst of the SCA and sensor modules 900 to the first fiber opticconnector 1024 of a second of the SCA and sensor modules 900.

The system 100 and machine automation controller and sensor bus 104implementing a dynamic burst to broadcast transmission network hasnumerous advantages. Specifically, it provides the benefit of a simplecable system and connection; the elimination of significant EMI impactsdue to the user of optical fiber cable; guaranteed low latency fornode-to-node communication; high throughput bandwidth from node to nodetransmission (10, 25, 100 or greater Gbps); can extend and reach up to20 km from node to node devices; low power consumption due topassive-optical-network architecture; industry grade QoS without trafficcongestion due to centralized DBA scheduling mechanism; built-in HARQmechanism to guarantee node-to-node and GEM transmission successful; andone unified software image for full intranet system including all gate,node and root ports enabling simplified software architecture, shorterproduct development cycle, and easier system level debug, monitoring andtrouble shooting remotely.

The present invention has been described in terms of specificembodiments incorporating details to facilitate the understanding ofprinciples of construction and operation of the invention. Suchreference herein to specific embodiments and details thereof is notintended to limit the scope of the claims appended hereto. It will bereadily apparent to one skilled in the art that other variousmodifications may be made in the embodiment chosen for illustrationwithout departing from the spirit and scope of the invention as definedby the claims. For example, although as described herein the bus isdescribed as operating within a machine automation system, it isunderstood that the bus is able to operate with other types of systemsand devices thereof for facilitating the communication between thedevices. Additionally, the discussion herein with regard to a particulartype of node is able to refer to any of the types of nodes discussedherein including virtual nodes and gates acting on behalf as nodes.Further, it is understood that as described herein, operations performedby or for the nodes 204, 208, 234 are able to be operations performed byor for the devices 102 coupled to the nodes 204, 208, 234 (e.g. inconcert with the nodes 204, 208, 234). Also, it is understood thatoperations are described herein with respect to a node 204 are able toapply to the other types of nodes 208, 234.

What is claimed is:
 1. A machine automation system for controlling andoperating an automated machine, the system comprising: a controller andsensor bus including: at least one central processing core including oneor more root ports each having a root acknowledgment engine; one or moretransmission networks each including a plurality of leaf nodes anddirectly coupled to the core via a different one of the root ports, theleaf nodes each including a leaf acknowledgment engine and a leaf nodememory; and a plurality of input/output ports each coupled with one ofthe leaf nodes; and a plurality of external machine automation deviceseach coupled to one of the leaf nodes via one or more of the portscoupled with the one of the leaf nodes; wherein: one of the root portstransmits a grant message indicating a transmission window to one of theleaf nodes coupled with the one of the root ports; the one of the leafnodes transmits a data message including a plurality of packets havingdestination information and an acknowledgment request indicator to oneof the root ports within the transmission window and the leafacknowledgment engine of the one of the leaf nodes stores a leaf copy ofthe data message including the plurality of packets; and if the one ofthe root ports receives the data message without any uncorrectableerrors, the root acknowledgment engine of the one of the root portstransmits a data-received message to the one of the leaf nodes whichremoves the leaf copy based on receiving the data-received message. 2.The system of claim 1, wherein if the one of the root ports does notreceive the data message within the transmission window, the rootacknowledgment engine of the one of the root ports transmits adata-missed message to the one of the leaf nodes which re-sends the datamessage including all of the packets using the leaf copy in a subsequenttransmission window granted to the one of the leaf nodes by the one ofthe root ports in a subsequent grant message.
 3. The system of claim 1,wherein if the one of the root ports receives the data message withuncorrectable errors in a subset of the packets, the root acknowledgmentengine of the one of the root ports transmits a data-partially-receivedmessage to the one of the leaf nodes, the data-partially-receivedmessage including packet missing/received information that identifiesthe subset of the packets that need to be re-sent, and a subsequenttransmission window granted to the one of the leaf nodes for re-sendingthe subset of the packets.
 4. The system of claim 1, wherein the one ofthe leaf nodes is a part of the plurality of nodes of a first network ofthe networks, and further wherein if the one of the root ports receivesthe data message without any uncorrectable errors and the destinationinformation of the data message indicates that the data message needs tobe broadcast by the one of the root ports to all of the leaf nodes inthe first network, the root acknowledgment engine of the one of the rootports refrains from transmitting the data-received message to the one ofthe leaf nodes.
 5. The system of claim 1, wherein when the destinationinformation indicates the data message is to be sent to one or moreother of the leaf nodes, the one of the root ports transmits the datamessage to the other of the leaf nodes and the root acknowledgmentengine stores a root copy of the data message including the plurality ofpackets and re-sends one or more of the packets to the other of the leafnodes in a subsequent data message if the one of the root ports does notreceive an leaf data-received message from one or more of the other ofthe leaf nodes indicating that the one or more of the packets werereceived without any uncorrectable errors.
 6. The system of claim 3,wherein in response to receiving the data-partially-received message,the one of the leaf nodes removes the packets that are not a part of thesubset from the leaf copy based on the missing/received information. 7.The system of claim 4, wherein in response to receiving the data messageas broadcast from the one of the root ports within the first network,the one of the leaf nodes determines that the one of the leaf nodes isthe source of the data message and removes from the leaf copy any of thepackets found in the data message such that they are not re-sent to theone of the root ports.
 8. The system of claim 5, wherein the one of theroot ports selects a target node of the leaf nodes of the first networkand when the other of the leaf nodes are a plurality of the leaf nodesof the first network, only the target node is configured to respond withthe leaf data-received message.
 9. The system of claim 6, wherein themissing/received information comprises a bit map including a bit foreach of the packets of the data message whose value identifies whetherthe packet needs to be re-sent.
 10. The system of claim 8, wherein thetarget node is selected based on which of the leaf nodes of the firstnetwork is the last to receive messages broadcast from the one of theroot ports through the first network.
 11. The system of claim 9, whereinthe missing/received information comprises a start of sequence value andan end of sequence value that identify a range of the packets that donot need to be re-sent.
 12. The system of claim 11, wherein the one ofthe leaf nodes re-sends the subset to the one of the root ports in a newdata message after timers associated with each of the subset expire inthe subsequent transmission window granted to the one of the leaf nodesby the one of the root ports in a subsequent grant message.
 13. Thesystem of claim 12, wherein the new data message includes one or moreother packets that were not a part of the data message in addition tothe subset.
 14. A controller and sensor bus, the bus comprising: atleast one central processing core including one or more root ports eachhaving a root acknowledgment engine; one or more transmission networkseach including a plurality of leaf nodes and directly coupled to thecore via a different one of the root ports, the leaf nodes eachincluding a leaf acknowledgment engine and a leaf node memory; and aplurality of input/output ports each coupled with one of the leaf nodes;wherein: one of the root ports transmits a grant message indicating atransmission window to one of the leaf nodes coupled with the one of theroot ports; the one of the leaf nodes transmits a data message includinga plurality of packets having destination information and anacknowledgment request indicator to one of the root ports within thetransmission window and the leaf acknowledgment engine of the one of theleaf nodes stores a leaf copy of the data message including theplurality of packets; and if the one of the root ports receives the datamessage without any uncorrectable errors, the root acknowledgment engineof the one of the root ports transmits a data-received message to theone of the leaf nodes which removes the leaf copy based on receiving thedata-received message.
 15. The bus of claim 14, wherein if the one ofthe root ports does not receive the data message within the transmissionwindow, the root acknowledgment engine of the one of the root portstransmits a data-missed message to the one of the leaf nodes whichre-sends the data message including all of the packets using the leafcopy in a subsequent transmission window granted to the one of the leafnodes by the one of the root ports in a subsequent grant message. 16.The bus of claim 14, wherein if the one of the root ports receives thedata message with uncorrectable errors in a subset of the packets, theroot acknowledgment engine of the one of the root ports transmits adata-partially-received message to the one of the leaf nodes, thedata-partially-received message including packet missing/receivedinformation that identifies the subset of the packets that need to bere-sent, and a subsequent transmission window granted to the one of theleaf nodes for re-sending the subset of the packets.
 17. The bus ofclaim 14, wherein the one of the leaf nodes is a part of the pluralityof nodes of a first network of the networks, and further wherein if theone of the root ports receives the data message without anyuncorrectable errors and the destination information of the data messageindicates that the data message needs to be broadcast by the one of theroot ports to all of the leaf nodes in the first network, the rootacknowledgment engine of the one of the root ports refrains fromtransmitting the data-received message to the one of the leaf nodes. 18.The bus of claim 14, wherein when the destination information indicatesthe data message is to be sent to one or more other of the leaf nodes,the one of the root ports transmits the data message to the other of theleaf nodes and the root acknowledgment engine stores a root copy of thedata message including the plurality of packets and re-sends one or moreof the packets to the other of the leaf nodes in a subsequent datamessage if the one of the root ports does not receive an leafdata-received message from one or more of the other of the leaf nodesindicating that the one or more of the packets were received without anyuncorrectable errors.
 19. The bus of claim 16, wherein in response toreceiving the data-partially-received message, the one of the leaf nodesremoves the packets that are not a part of the subset from the leaf copybased on the missing/received information.
 20. The bus of claim 17,wherein in response to receiving the data message as broadcast from theone of the root ports within the first network, the one of the leafnodes determines that the one of the leaf nodes is the source of thedata message and removes from the leaf copy any of the packets found inthe data message such that they are not re-sent to the one of the rootports.
 21. The bus of claim 18, wherein the one of the root portsselects a target node of the leaf nodes of the first network and whenthe other of the leaf nodes are a plurality of the leaf nodes of thefirst network, only the target node is configured to respond with theleaf data-received message.
 22. The bus of claim 19, wherein themissing/received information comprises a bit map including a bit foreach of the packets of the data message whose value identifies whetherthe packet needs to be re-sent.
 23. The bus of claim 21, wherein thetarget node is selected based on which of the leaf nodes of the firstnetwork is the last to receive messages broadcast from the one of theroot ports through the first network.
 24. The bus of claim 22, whereinthe missing/received information comprises a start of sequence value andan end of sequence value that identify a range of the packets that donot need to be re-sent.
 25. The bus of claim 24, wherein the one of theleaf nodes re-sends the subset to the one of the root ports in a newdata message: after timers associated with each of the subset expire;and in the subsequent transmission window granted to the one of the leafnodes for re-sending the subset by the one of the root ports in asubsequent grant message.
 26. The bus of claim 25, wherein the new datamessage includes one or more other packets that were not a part of thedata message in addition to the subset.
 27. A central core of acontroller and sensor bus including one or more transmission networkseach including a plurality of leaf nodes and directly coupled to thecore, the leaf nodes each including a leaf acknowledgment engine and aleaf node memory, the central core comprising: at least one centralprocessing unit; and a non-transitory computer readable memory storingat least one root port coupled with the central processing unit andhaving a root acknowledgment engine, wherein the root port is configuredto: transmit a grant message indicating a transmission window to one ofthe leaf nodes coupled with the root port; and if the root port receivesa data message from the one of the leaf nodes within the transmissionwindow without any uncorrectable errors, transmit a data-receivedmessage to the one of the leaf nodes with the root acknowledgmentengine, wherein the data message includes a plurality of packets havingdestination information and an acknowledgment request indicator.
 28. Thecentral core of claim 27, wherein if the root port does not receive thedata message within the transmission window, the root acknowledgmentengine of the root port is configured to transmit a data-missed messageto the one of the leaf nodes, the data-missed message indicating asubsequent transmission window granted to the one of the leaf nodes forre-sending the data message.
 29. The central core of claim 27, whereinif the root port receives the data message with uncorrectable errors ina subset of the packets, the root acknowledgment engine of the root portis configured to transmit a data-partially-received message to the oneof the leaf nodes, the data-partially-received message including packetmissing/received information that identifies the subset of the packetsthat need to be re-sent and a subsequent transmission window granted tothe one of the leaf nodes for re-sending the subset of the packets. 30.The central core of claim 27, wherein the one of the leaf nodes is apart of the plurality of nodes of a first network of the networks, andfurther wherein if the root port receives the data message without anyuncorrectable errors and the destination information of the data messageindicates that the data message needs to be broadcast to all of the leafnodes in the first network, the root acknowledgment engine of the rootport is configured to refrain from transmitting the data-receivedmessage to the one of the leaf nodes.
 31. The central core of claim 27,wherein when the destination information indicates the data message isto be sent to one or more other of the leaf nodes, the root porttransmits the data message to the other of the leaf nodes and the rootacknowledgment engine stores a root copy of the data message includingthe plurality of packets and re-sends one or more of the packets to theother of the leaf nodes in a subsequent data message if the root portdoes not receive an leaf data-received message from one or more of theother of the leaf nodes indicating that the one or more of the packetswere received without any uncorrectable errors.
 32. The central core ofclaim 29, wherein the missing/received information comprises a bit mapincluding a bit for each of the packets of the data message whose valueidentifies whether the packet needs to be re-sent.
 33. The central coreof claim 31, wherein the root port selects a target node of the leafnodes of the first network and when the other of the leaf nodes are aplurality of the leaf nodes of the first network, only the target nodeis configured to respond with the leaf data-received message.
 34. Thecentral core of claim 32, wherein the missing/received informationcomprises a start of sequence value and an end of sequence value thatidentify a range of the packets that do not need to be re-sent.
 35. Thecentral core of claim 33, wherein the target node is selected based onwhich of the leaf nodes of the first network is the last to receivemessages broadcast from the one of the root ports through the firstnetwork.
 36. A controller and sensor bus, the bus comprising: one ormore transmission networks each including a root port and a plurality ofleaf nodes, the leaf nodes each including a leaf acknowledgment engineand a leaf node memory; and a plurality of input/output ports eachcoupled with one of the leaf nodes, wherein one of the leaf nodes of afirst network of the networks is configured to: receive a grant messagefrom the root port of the first network indicating a transmission windowallotted to the one of the leaf nodes; transmit a data message includinga plurality of packets having destination information and anacknowledgment request indicator to the root port within thetransmission window and store a leaf copy of the data message includingthe plurality of packets; and receive a data-received message from theroot port, wherein the data-received message indicates if the root portreceived the data message without any uncorrectable errors; and removeat least a portion of the leaf copy based on the data-received message.37. The bus of claim 36, wherein, if the leaf node receives adata-missed message from the root port and is granted a subsequenttransmission window for re-sending the data message by the root port,the one of the leaf nodes is configured to re-send the data messageincluding all of the packets using the leaf copy, wherein thedata-missed message indicates the root port did not receive the datamessage within the transmission window.
 38. The bus of claim 36, whereinthe one of the leaf nodes is configured to receive adata-partially-received message from the root port, thedata-partially-received message indicating that the root port receivedthe data message with uncorrectable errors in a subset of the packetsand including packet missing/received information that identifies thesubset of the packets that need to be re-sent, and a subsequenttransmission window granted to the one of the leaf nodes for re-sendingthe subset of the packets.
 39. The bus of claim 36, wherein in responseto receiving the data message as broadcast from the root port within thefirst network, the one of the leaf nodes is configured to determine thatthe one of the leaf nodes is the source of the data message and removefrom the leaf copy any of the packets found in the data message suchthat they are not re-sent to the one of the root ports.
 40. The bus ofclaim 36, wherein the one of the leaf nodes is configured to refrainfrom responding to other data messages broadcast by the root port to allthe leaf nodes on the first network unless the one of the leaf nodesreceives a target message from the root port indicating that the leafnode is a target node that must respond with a leaf data-receivedmessage on behalf of all of the nodes of the first network uponreceiving the other data messages broadcast by the root port.
 41. Thebus of claim 38, wherein in response to receiving thedata-partially-received message, the one of the leaf nodes is configuredto remove the packets that are not a part of the subset from the leafcopy based on the missing/received information.
 42. The bus of claim 41,wherein the missing/received information comprises a bit map including abit for each of the packets of the data message whose value identifieswhether the packet needs to be re-sent.
 43. The bus of claim 42, whereinthe missing/received information comprises a start of sequence value andan end of sequence value that identify a range of the packets that donot need to be re-sent.
 44. The bus of claim 43, wherein the one of theleaf nodes is configured to re-send the subset to the one of the rootports in a new data message: after timers associated with each of thesubset expire; and in the subsequent transmission window granted to theone of the leaf nodes for re-sending the subset by the one of the rootports in a subsequent grant message.
 45. The bus of claim 44, whereinthe new data message includes one or more other packets that were not apart of the data message in addition to the subset.
 46. A method ofoperating a controller and sensor bus including at least one centralprocessing core including one or more root ports each having a rootacknowledgment engine, one or more transmission networks each includinga plurality of leaf nodes and directly coupled to the core via adifferent one of the root ports, the leaf nodes each including a leafacknowledgment engine and a leaf node memory, the method comprising:transmitting a grant message with one of the root ports, the grantmessage indicating a transmission window to one of the leaf nodescoupled with the one of the root ports; transmitting, with the one ofthe leaf nodes, a data message to one of the root ports within thetransmission window, the data message including a plurality of packetshaving destination information and an acknowledgment request indicator;storing a leaf copy of the data message including the plurality ofpackets with the leaf acknowledgment engine of the one of the leafnodes; if the one of the root ports receives the data message withoutany uncorrectable errors, transmitting a data-received message to theone of the leaf nodes with the root acknowledgment engine of the one ofthe root ports; and removing the leaf copy with the one of the leafnodes based on receiving the data-received message.
 47. The method ofclaim 46, further comprising: transmitting a data-missed message to theone of the leaf nodes with the root acknowledgment engine of the one ofthe root ports if the one of the root ports does not receive the datamessage within the transmission window; and re-sending the data messagewith the one of the leaf nodes including all of the packets using theleaf copy in a subsequent transmission window granted to the one of theleaf nodes by the one of the root ports in a subsequent grant message.48. The method of claim 46, further comprising if the one of the rootports receives the data message with uncorrectable errors in a subset ofthe packets, transmitting a data-partially-received message to the oneof the leaf nodes with the root acknowledgment engine of the one of theroot ports, the data-partially-received message including packetmissing/received information that identifies the subset of the packetsthat need to be re-sent, and a subsequent transmission window granted tothe one of the leaf nodes for re-sending the subset of the packets. 49.The method of claim 46, wherein the one of the leaf nodes is a part ofthe plurality of nodes of a first network of the networks, furthercomprising if the one of the root ports receives the data messagewithout any uncorrectable errors and the destination information of thedata message indicates that the data message needs to be broadcast bythe one of the root ports to all of the leaf nodes in the first network,refraining from transmitting the data-received message to the one of theleaf nodes with the root acknowledgment engine of the one of the rootports.
 50. The method of claim 46, further comprising: when thedestination information indicates the data message is to be sent to oneor more other of the leaf nodes, transmitting the data message to theother of the leaf nodes with the one of the root ports; and storing aroot copy of the data message including the plurality of packets andre-sending one or more of the packets to the other of the leaf nodes ina subsequent data message with the root acknowledgment engine if the oneof the root ports does not receive an leaf data-received message fromone or more of the other of the leaf nodes indicating that the one ormore of the packets were received without any uncorrectable errors. 51.The method of claim 48, further comprising in response to receiving thedata-partially-received message, removing the packets that are not apart of the subset from the leaf copy based on the missing/receivedinformation with the one of the leaf nodes.
 52. The method of claim 50,further comprising selecting a target node of the leaf nodes of thefirst network with the one of the root ports, wherein when the other ofthe leaf nodes are a plurality of the leaf nodes of the first network,only the target node is configured to respond with the leafdata-received message.
 53. The method of claim 49, further comprising,in response to receiving the data message as broadcast from the one ofthe root ports within the first network, determining that the one of theleaf nodes is the source of the data message and removing from the leafcopy any of the packets found in the data message with the one of theleaf nodes such that they are not re-sent to the one of the root ports.54. The method of claim 51, wherein the missing/received informationcomprises a bit map including a bit for each of the packets of the datamessage whose value identifies whether the packet needs to be re-sent.55. The method of claim 52, wherein the target node is selected based onwhich of the leaf nodes of the first network is the last to receivemessages broadcast from the one of the root ports through the firstnetwork.
 56. The method of claim 54, wherein the missing/receivedinformation comprises a start of sequence value and an end of sequencevalue that identify a range of the packets that do not need to bere-sent.
 57. The method of claim 56, further comprising re-sending thesubset to the one of the root ports in a new data message with the oneof the leaf nodes: after timers associated with each of the subsetexpire; and in the subsequent transmission window granted to the one ofthe leaf nodes for re-sending the subset by the one of the root ports ina subsequent grant message.
 58. The method of claim 57, wherein the newdata message includes one or more other packets that were not a part ofthe data message in addition to the subset.